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SOFTWARE NEWS DOMINATES 
EMBEDDED SYSTEMS SHOW 

RTOS, tool updates take center stage; 
2004 likely to be a different story 

trace tool for its LynxOS and 
Linux operating systems that 
the company claims offers signi- 
ficantly increased system execu- 
tion visibility and 
i — . more post-mortem 
I insight into system 
crashes. "These en- 



BY EDWARD J. CORREIA 

SAN FRANCISCO — Foot traf- 
fic on the exhibit floor of the 
15th annual Embedded Systems 
Conference held at 
the Moscone Center 
here in late April was 
brisk, with attendees 



SDlfmes 




gathering more news about 
updated software tools and less 
about hardware. But those in- 
terested in software should 
enjoy it while it lasts; next year's 
ESC will be joined by the hard- 
ware-heavy Electronica show. 

RTOS developer Lynux- 
Works Inc. released Spyker 2.0, 
an update to its instrumented 



hancements are designed to pro- 
vide more understanding of sys- 
tem operations and [allow 
developers] to fine-tune perfor- 
mance of tire operating system," 
said Bob Morris, vice president 
of sales and marketing at Lynux- 
Works. Spyker does not require 
changes to source code. 

► continued on page 21 



C# Builder 
A First Step 
For Borland 



BY ALAN ZEICHICK 

Borland Software Corp. contin- 
ues its push into .NET with its 
announcement of C# Builder, an 
IDE for Microsoft's program- 
ming language, now recently 
approved as an ISO standard. 
Borland had previously dis- 
cussed the C# tool under the 



code name "Sidewinder" ("Bor- 
land Fires 'Sidewinder' at 
VS.NET," March 1, page 3). The 
company mentioned — to no sur- 
prise — that it would be develop- 
ing a more comprehensive tool 
suite around C#. 

C# Builder provides basi- 
► continued on page 15 
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The C# Builder IDE should look familiar to anyone with experience in C++ 
Builder or Delphi. 



OASIS Proposes Standard for Business Documents 

But will companies adopt common language that crosses industries? 



BY YVONNE L. LEE 

The Organization for the 
Advancement of Structured 
Information Standards (OASIS) 
is proffering what it hopes will be 
a universal language for business 
documents used on the Web. 
But the universal language could 
turn out to be a computer ver- 
sion of Esperanto — a language 
invented for cross-cultural com- 
munication that never has 
gained wide adoption. 

The Universal Business Lan- 
guage (UBL) seeks to find a sin- 
gle vocabulary for what OASIS 
(www.oasis-open.org) calls the 
"payload" or the actual content 



of documents, such as purchase 
orders and invoices exchanged 
in conducting business. It 
works with ebXML, which 
specifies how messages are 
passed, stored and identified. 
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Analysts think the effort is 
unnecessary because there 
aren't many businesses that 
exchange documents across 
industries, and when they do, 
it's usually done from separate 

E'BU(lfl«$$ 
Web Services 



Hi to: tn 



r«[T«. 



, . ■ 



:"ct 



,.. . 



liAdfi^ Pirlnn 
AgirtmtnJi 

DtSCtiptimi 
hiiiMtf-QMttp 






Hriuqr 
CCTlnlrtduitm 






' • "" Tl 


£ 


ittW 




EPWA 


in 




1 




a 


■ 


■V 








>i 




h_ 












.- 


liKWL 


EJ 


l*Mijqi"; S*Iyi:p 


_, 




31 




3C. 


UEL Hthrm.il 




(fBL tenteH 




H4thgdfldDqni 




| Uftl Form#Ming 




SppclfkatieTO 





UBL would complement ebXML by defining a vocabulary for documents. 



divisions using a specific indus- 
try's protocols. Furthermore, 
when businesses need to com- 
municate, an industry leader 
usually determines the ground 
rules, not a standards body. 

Using Electronic Data Inter- 
change (EDI), companies con- 
ducted business on private net- 
works using more expensive 
mainframe tools. With ebXML, 
the data format is a text-based 
XML document that any com- 
pany can use. In addition, 
because transactions travel 
across the Internet, businesses 
don't need to invest in private 
networks. "Now, they can do it 
vastly more cheaply than you 
could under EDI," said Jon 
Bozak, distinguished engineer at 
Sun Microsystems Inc. and 
technical chair for the UBL 
committee. However, either 
standard can be used apart from 
the other. The problem with the 
► continued on page 17 
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Q-Link Uses XForms to Mutate Data 

Latest version of platform puts logic behind application components 



BY DAVID RUBINSTEIN 

The ability to design standards- 
based forms and add business 
logic behind them has been 
added to the latest version of the 
Q-Link Platform, released earlier 
this month by Q-Link Technolo- 
gies Inc. The platform, a Java 
application that creates a level of 
abstraction above the J2EE infra- 
structure to reduce the time and 
cost of building new Java applica- 
tions, provides components and 
tools for the custom creation of 
new components, business rules 
and workflows. 

Greg Wilson, chief technolo- 
gy officer and founder of Q-Link 
(www.qhnktech.com), said the 
UI design tool within version 5 
of the platform is the first to sup- 
port XForms, a specification that 
is in draft form at the World 
Wide Web Consortium for con- 
sideration as a standard. The 
specification defines the creation 
of forms with greater capabilities 
than HTML forms, he said. 

According to Wilson, users 
can design a user interface for a 
step in a workflow, including 
labels, pull-down bars and but- 
tons; the form would be built 
by assembling XForm Com- 
ponents in the platform's 
Process Application Designer 
tool. At runtime, the compo- 
nents execute data queries or 
calls into ERP systems, for 
example, and return XML, 
which then can be translated to 
such things as JavaScript or 
HTML, he explained. The 



forms also can be used to trans- 
late the XML into ActiveX con- 
trols or Java applets, he added. 

Q-Link is one of the tech- 
nologies that media solutions 
provider Unisys Corp. is build- 
ing into its Media Ensemble, 
which will be released next year. 
The goal is to enable traditional 
newspaper organizations to pro- 
vide content for channels other 
than newspapers by repurposing 
editorial content, and to easily 
draw from news wires, their own 
libraries and other outside 
sources to manage multimedia 
content delivery without dupli- 
cating tasks. 

XForm Components will al- 



low Unisys media customers to 
create reusable interfaces to 
access enterprise content repos- 
itories and multiple databases to 
transform the contents of a 
newspaper story, for example, 
into HTML for posting on a 
papers Web site, or for use in a 
broadcast medium, according to 
David Stewart, vice president of 
Media Ensemble Solutions at 
Unisys (www.unisys.com). 

Unisys' current newspaper 
and magazine solution, called 
Hermes, defines a workflow for 
routing editorial copy and ads, 
and moving them through the 
layout and production cycles. 
That workflow, though, is limited 



when newspapers try to look at 
their assets from an enterprise 
level. "Hermes is a sealed envi- 
ronment," said Bob Tilley, Glob- 
al Media Solutions director. "The 
workflow is good within that, but 
die business process workflow 
exceeds that. We want to be able 
to handle that. There's managing 
human resources, or digital asset 
management, that might require 
an integration with PeopleSoft or 
SAP or Avid, so that when an 
activity occurs and needs to com- 
municate widi those other sys- 
tems, it automatically kicks off 
another workflow." 

The Q-Link Platform con- 
sists of the workflow engine, a 



persistent object framework 
and an integration framework, 
and includes tools for creating 
rules, deploying and managing 
components, designing user 
interfaces and defining objects 
to extend data models, Wilson 
said. The components that ship 
with version 5.0 provide routing 
and load-balancing, as well as 
full interaction with UDDI at 
design time; support FTP, SQL 
and IBM's MQSeries messaging 
middleware; and include adapt- 
ers from iWay to provide access 
to SAP and Siebel, Wilson said. 
A "Fast Track" solution starts at 
US$25,000 for the development 
tools and runtime server. I 



MICRO FOCUS BRINGING WEB SERVICES, COBOL TOGETHER 



BY ALAN ZEICHICK 

Micro Focus International Ltd. 
is bringing COBOL and Web 
services together with a new 
version of its Net Express 
development suite for Unix and 
Windows, following through on 
its product vision unveiled 
last December. 

The company was set to 
release the Windows version of 
Net Express 4.0 on May 14; 
general availability for the Unix 
version is scheduled for mid- 
September, according to Ian 
Archbell, vice president of 
product management, who said 
that some customers already 
have been developing and 
deploying applications on early 



versions of the upgrade. 

According to Archbell, the 
opportunities for COBOL re- 
main strong, even among the 
company's traditional IBM-cen- 
tric customers, because "IBM 
has opened a gap with Web- 
Sphere. They're not making it 
easy for customers to use 
COBOL when they want to." 
However, he acknowledged 
that many developers are look- 
ing toward Java, or mixed-mode 
Java and COBOL. "Use 
COBOL for the business rules," 
he argued. 

The biggest changes with 
Net Express 4.0, according to 
Archbell, are its native support 
for Web services. "You can use 



Web services with Java — 
there's no wrappering," he 
said, adding that other 
COBOL implementations 
often use Java calls to enable 
Web services and SOAP func- 
tionality. "Net Express does 
SOAP and JCA directly, not 
just JNI, which is good for 
transactions," he stated. 

He also said that the new 
version makes it easier for 
COBOL developers to read and 
write XML documents directly, 
using a new syntax and lan- 
guage extensions. 

Looking ahead for Net 
Express, Archbell said that 
the company (www.microfo- 
cus.com) is still on track for 



building a .NET compiler for 
its COBOL IDE. He said that 
the .NET functionality would 
be included as part of a future 
version of the Windows prod- 
uct, and not as a separate 
.NET product. "Maybe it will 
be version 4.5," he said, 
adding that .NET developers 
would have a choice of contin- 
uing to use the Micro Focus 
IDE, or plugging the compiler 
and COBOL debugger into 
Visual Studio .NET 

He said that the company 
also is working on a Net Ex- 
press plug-in to IBM's Eclipse 
open-source IDE, which might 
be ready in September or 
October. I 



Staying One Step Ahead of Software Pirates 

Security vendors adding hardware, other anti-theft feature sets 



BY YVONNE L. LEE 

Armed with an International 
Data Corp. study released in 
April indicating that cutting 
down on software piracy by 10 
percentage points can add 1.5 
million jobs and increase eco- 
nomic growth by US$400 bil- 
lion globally, security software 
makers are battling to stay 
ahead of those who would 
decrypt their schemes to illegal- 
ly copy and sell software. 

The IDC study, commis- 
sioned by the Business Soft- 
ware Alliance, shows "that 
when piracy is reduced, the 
majority of the benefit re- 



mained in the country sur- 
veyed," said Bobert Holleyman, 
president and CEO of the BSA 
(www.bsa.org), a trade associa- 
tion established in 1988 to 
reduce software piracy. "The 
biggest beneficiaries are local 
developers, local channel part- 
ners and local IT services in 
those countries." 

The BSA claims that the 
greatest benefit would go to the 
local economies because with 
reduced piracy, local entrepre- 
neurs would have an incentive 
to create software companies. 

The study says that China, 
Bussia and Latin America had 



high piracy rates and that these 
countries had weaker IT ser- 
vices sectors, while the U.S., 
Great Britain and Japan were 
among those with the lowest 
piracy rates. 

The study asserts that 
reducing piracy might increase 
the IT services in the coun- 
tries with high piracy rates. In 
fact, the reverse may be true, 
said David Lynch, vice presi- 
dent of worldwide marketing 
at security vendor Bainbow 
Technologies. Countries with 
strong IT sectors may have 
lower piracy rates because 
people in those countries have 



a different attitude toward 
software intellectual property, 
he said. 

"The general culture doesn't 
respect software IP. They regard 
software in the same way as a 
hammer or a tool: 'I can pass this 
on to anyone I want,' basically," 
he said. 

The trick, security software 
vendors said, is to create an 
anti-piracy scheme that is strong 
enough to prevent hackers from 
undoing it, but fashioned ele- 
gantly enough so as not to annoy 
legitimate users. 

"One of the things we're con- 
cerned about at Aladdin is mak- 



ing sure the end user isn't pun- 
ished," said Boger Wood, senior 
product manager for Aladdin 
Knowledge Systems' Privilege 
anti-piracy software protection 
tools. "You don't want to punish 
the end user, because most of 
them are honest." 

Microsoft irked its cus- 
tomers last year when it intro- 
duced a validation scheme for 
Windows XP and Office XP 
This process requires cus- 
tomers to type in a code when 
installing the software. During 
the installation process, the 
anti-piracy software records 
information about the comput- 
er onto which the software was 
installed. If the customer wants 
to reinstall the software or 
apply a software patch, the soft- 
ware will first check the hard- 
► continued on page 14 
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Reasoning: Build Quality Into Software 



BY DAVID RUBINSTEIN 

Reasoning Inc., a provider of a 
hosted software quality-assur- 
ance service, is counting on a 
new chief executive officer and 
a move into the Java world to 
bring the company closer to its 



goal of profitability. 

William Payne formally took 
the reins from Scott Trappe on 
March 31, when Payne said the 
company was gearing more 
toward sales, marketing and 
product rollouts than it had 



been. In October 2001, the 
company said it was on track to 
become profitable in 12 months. 
While Payne would not discuss 
specific finances of the privately 
held company, he said Reason- 
ing is "moving in that direction." 



Seeing Java as a potential 
growth area, Reasoning (www 
.reasoning.com) in late April 
announced Inspection Services 
for Java, an automated way to 
analyze and inspect Java code 
for defects. Now, Payne said, 
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Reasoning is 
planning to 
expand into 
rules-based 
measurement, 
says Payne. 



the company has three defect 
categories in the service — null 
pointer dereferences, out-of- 
bounds array access and invalid 
string comparisons. More will 
be added later this year, Payne 
said. Looking to the future, 
Payne said Reasoning will 
expand beyond its static code 
analysis into the area of rules- 
based measurement. 

Inspection Services for Java 
continues the hosted, automat- 
ed nature of the company's dis- 
continued Instant QA brand. 
Java code is collected and run 
through utilities to prepare it 
for analysis, Payne explained. 
Then it is run through an auto- 
mated set of servers that throw 
up indications of 
problems within 
the code. False 
positives are run 
through another 
set of servers for 
removal, he con- 
tinued, with the 
final stage result- 
ing in defect 
reports for man- 
agers and soft- 
ware engineers. 
The turnaround 
is five to 10 business days, 
Payne said, with a cost of rough- 
ly 18 cents per line of code. 

"We have reviewed 75 mil- 
lion lines of code, and we'll be 
using that as a macro metric" to 
help customers see where their 
development efforts stand 
when compared with other 
industry projects, Payne said. 
"It's not just getting the data but 
what you do with it," he added. 
"People are using the data to 
improve their processes." 

With the new service, Rea- 
soning is trying to move quali- 
ty assurance closer to its name, 
according to product mar- 
keting director Jeff Klagen- 
berg. "There's a difference 
between assuring quality and 
testing for it," he said. "What 
we're doing actually is quality 
control, as part of a customer's 
existing process. We're not a 
new process." 

Another macro metric the 
company plans to publish is an 
index that shows an average 
number of defects per lines of 
code. "We focus on defects and 
show clients how they compare 
against other development 
shops," Payne said, allowing 
them to gain a clear under- 
standing of the quality and 
maturity of their code. I 
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Quest Releases J2EE Diagnostic Suite 



Incorporates Sitraka tools for top-to-bottom monitoring and repair 



BY DAVID RUBINSTEIN 

Completing an integration with 
the tools acquired with Sitraka 
Software Inc., Quest Software 
Inc. on May 13 released Quest 
Central for J2EE, a tool set for 
system monitoring and applica- 
tion diagnostics that comprises 
Foglight for J2EE, Performa- 
Sure 2.1 and JProbe 5.0. 

"We believe we now have 
unrivaled depth of coverage in 
the J2EE space," said Josephine 
Coombe, director of product 
marketing for J2EE solutions. 
"This gives views from top-level 
monitoring to diagnostics to code- 
level inspection. The focus is to 
help customers accelerate the 
detect-diagnose-repair cycle." 

Quest Central for J2EE will 
include PerformaSure 2.1, 
which was to be released in 
conjunction with the larger 
offering. New features in Per- 
formaSure include a "fast 
find" button that works off a 
list of defined metrics to give 
users a quick way to highlight 
infrastructure, code or data- 
base calls that might have 
caused problems, according to 
Brad Micklea, Quest's product 
marketing manager for J2EE 
solutions. 

"In a test environment, peo- 
ple might have the luxury of 
time to find problems," Micklea 
said. "In a production environ- 
ment, literally every minute you 
lose is lost revenue. This puts 
pressure on people to solve 
problems as soon as possible." 

Also new to PerformaSure 
2.1 is a dual-mode agent that 
lets users define thresholds in 
Foglight that trigger Performa- 
Sure data sessions when those 
thresholds are approached, giv- 
ing data before the thresholds 
are exceeded to help deter- 
mine the cause of any failures, 
Micklea explained. 

JProbe 5.0, released in April, 
offers improved performance, 
especially on the Solaris plat- 
form, for use in drilling down to 
a specific line of code to repair 
a problem, Coombe said. 

The company (www.quest 
.com) plans to release version 
4.0 of Foglight for J2EE in 
July, adding a connector called 
Spotlight on Siebel Response 
Time that leverages the exist- 
ing Siebel agent to look at calls 
from the client to diagnose 
problems. "It adds what we're 



calling a business perspective 
interface," said Chris Spacko, 
Quest's product marketing 
manager for monitoring solu- 



tions. "This gives a business 
analyst a complete application 
perspective, showing response 
times for various transactions. 



You can see how the database 
and Web server, for instance, 
are performing in one central 
view." The company plans to 



add a Spotlight on Oracle 
agent for monitoring database 
functionality by the end of the 
year, Spacko said. 

The company has not set a 
price for Quest Central for 
J2EE; customers will continue 
to buy the products individual- 
ly. Micklea said Quest is review- 
ing its pricing plans. I 



Think you're using the best tool? 




f^* 30 



Think again, 




IDEA 3.0 



Bowei-packed with unparalleled ^factoring 
support, tuper intelligent code editing 
and completion assistance, a wide range 
of J££E development features tor rapid 
Web application and other enterprise 
development, a powerful Code Inspection 
tool, tight integration with Ant and JUnit, 
and a mountain of other productivity 
features for Java developers. 

Intellij IDEA is simply the best Java 
development environment availahte. 



IntetiiJ IDEA, the Integrated tfevetopment 
environment for Jew that wtil boost 

your productivity! 

There are only 24 hours in a day r Use 
them wisely. 

Download IDEA, 3.G and experience the 
only award-winning Jaro IPi that provides 
the ease-of-use-r control and flexibility you 
demand,, at a price you can afford. 



Develop with pleasure! 

j^BRAINS 



www.intellij.com 



8 



NEWS 



Software Development Times . May 15, 2003 



www.sdtimes.com 



Glider Runs J2EE Apps Locally for Testing 



BY YVONNE L. LEE 

Ensemble Systems Inc., a 
Richmond, British Columbia- 
based consulting and J2EE ser- 
vices firm, is shipping software 
it developed as a result of solv- 



ing its own problem: how to J2EE applications by enabling 



test J2EE applications without 
the overhead of a full applica- 
tion server. 

The new software, Glider, 
shortens the time it takes to test 



developers to run the applica- 
tions locally while testing them. 
Glider consists of its user 
interface and a simulated J2EE 
server. The J2EE server has a 



Web container and a simulated 
Enterprise JavaBean container. 
With it, developers can test EJB 
1.1 and 2.0 beans locally, and 
then worry about server configu- 
ration issues separately. This 
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makes it possible to code, com- 
pile and debug applications with- 
out having to start the servers, 
and then package and deploy the 
application before debugging. 

Also, separating the program- 
ming issues from server-specific 
issues makes it easier to trou- 
bleshoot where the issues arise. 

"By the time you get to 
the server, your business logic 
should be fine," said Mike 
Bacinschi, founder and presi- 
dent of Ensemble (www 
.ensemble-systems.com). 

Glider is available immedi- 
ately as a stand-alone applica- 
tion, an Eclipse plug-in or a 
plug-in for IBM's Rational XDE 
model-based development suite. 
Glider also will run embedded 
within an upcoming release of 
IBM's Rational Rose UML mod- 
eler. The stand-alone version will 
work with any text editor, so 
developers can create and modi- 
fy the code in the text editor and 
use the Glider environment to 
test and debug the application. 

Glider costs US$499 per seat. I 

LIBERTY DRAFTS 
SECOND IDENTITY 
SPECIFICATIONS 

BY YVONNE L. LEE 

The Liberty Alliance, a multi- 
vendor group seeking to estab- 
lish a common system for sign- 
ing onto networks, in mid- April 
released drafts of its Phase 2 
specifications for creating and 
managing federated identity- 
based Web services. 

Federated identity manage- 
ment makes it possible for a 
person or service to be recog- 
nized in personalized services 
across multiple Web sites while 
taking into account both securi- 
ty and privacy across those sites, 
without requiring a single re- 
pository for that information. 

The organization also issued 
implementation guidelines and 
best-practices documents for 
complying with local regula- 
tions and creating a more 
trusted relationship with busi- 
ness partners. The guidelines 
address global privacy laws, 
security recommendations, 
user choice and control recom- 
mendations, and guidelines for 
protecting against Internet vul- 
nerabilities. 

The Phase 2 drafts and relat- 
ed privacy and security docu- 
ments are available at www 
.projectliberty.org. The final ver- 
sion is due in the third quarter. I 
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, COMPANIES , 




WebMethods Inc. and Informatica Corp. have jointly developed the 
Business Activity Platform, which combines the companies' integra- 
tion and extract-transform-load (ETL) utilities. Both companies will be 
selling the solution . . . Open Source Development Labs Inc. has 

appointed Stuart Cohen to the newly created position of CEO. The Lin- 
ux advocacy consortium plans to increase the number of sponsors and 
attract Global 2000 corporations to join the organization. Previously, 
Cohen was VP of marketing at RadiSys Corp. 



PRODUCTS 




Atalasoft Inc. has announced a new .NET imaging component, Dot- 
Image. Written in C#, the component will add raster, document and 
ASP.NET Web imaging functions to .NET applications. A beta release 
was scheduled for May 13, and general availability is planned for early 
July . . . Fiorano Software Inc. has released Tifosi 2002 ESB, an 
enterprise service bus system that works in conjunction with the com- 
pany's Java-based Tifosi integration broker suite . . . InstallShield 
Software Corp. has upgraded its hosted InstallShield Update Service 
to provide background downloads and download restarts. The compa- 
ny also now allows enterprises to host and manage the service inter- 
nally . . . BX for Java is a new graphical IDE from Integrated Comput- 
er Solutions Inc. that lets developers prototype and build 
pure AWT or Swing applications. BX costs US$1,050 for 
Macintosh or Windows versions, $1,925 for Linux, $2,275 BrOf J 
for Unix or $3,500 for all platforms . . . Shunra Software Ltd. has 
released Storm 3.0, an update to its WAN emulation suite for software 
performance testing. The new version creates a mirror of the existing 
enterprise network, which can be used to combine WAN performance 
metrics with end-user emulation . . . JNBridge LLC has updated its 
JNBridge Pro tool, which extends Java classes to run on .NET. The 
new version, 1.3, allows transactions via thread-true classes, supports 
pass-by-value of data between objects, and provides direct mapping 
between Java and .NET collection classes. It also allows J# applica- 
tions to call Java classes . . . Phaos Technology Corp. is offering a Java 
Cryptography Extension developers' toolkit for Sun's Crypto Acceler- 
ator 1000 server . . . Version 3.1 of Dundas Chart for .NET, from Dun- 
das Software Ltd., includes an advanced charting wizard and the abili- 
ty to draw 3D cylinder charts or add interlaced strip lines to graphics. 
It also has expanded statistical features, including normal distribu- 
tions, ANOVA and T-distributions. 



_l_ 



PEOPLE 



XML appliance vendor DataPower Technology Inc. has hired Jim 
Ricotta as president and CEO. Ricotta, who previously was general 
manager of Cisco's content networking division, takes over from 
founder Eugene Kuznetsov, who remains chairman and CTO. 



, STANDARDS , 



BPEL4WS, one of several competing specifications for Web services 
choreography, has been submitted to OASIS. The Business Process 
Execution Language for Web Services spec was initially developed by 
BEA, IBM and Microsoft. The rival Web Services Choreography Inter- 
face (WSCI), developed by BEA and Sun, was turned over to the W3C in 
August 2002 . . . Several security vendors have proposed an XML-based 
vulnerability classification schema through OASIS. The vendors — 
Citadel, GuardNet, NetContinuum, SPI Dynamics and Teros — offered the 
Application Vulnerability Description Language to help define appli- 
cation vulnerabilities across the development life cycle. The group 
expects a final specification by the end of the year . . . The Java Com- 
munity Process is offering a public review of JSR-185, Java Technol- 
ogy for the Wireless Industry; this spec provides an overall architec- 
tural description of wireless Java clients, and wraps eight separate 
JSRs that cover mobile devices. There is also a proposed third final draft 
of JSR-151, Java 2 Enterprise Edition 1.4, and two of its subspecs, 
JSR-152, JavaServer Pages 2.0 and JSR-154, Java Servlet 2.4. 
The proposed second final draft was released in November 2002. 1 



Sunopsis Offers Real-Time ETL 

Java-based engine leverages native database calls 



BY ALAN ZEICHICK 

From Europe to North America: 
Sunopsis S.A., an Ecully, France- 
based data-integration vendor, is 
making its debut appearance in 
die U.S. with version 3.1 of its 
eponymous ETL server. The 
Java-based product aims to go a 
step beyond traditional extract- 
transform-load (ETL) utilities by 
providing a wide variety of con- 
nectors for databases and enter- 
prise applications, as well as for 
custom-written apps. 

Sunopsis 3.1 was due to be 
released on May 5. 

Yves de Montcheuil, direc- 
tor of product marketing, said 
that more than 230 customers 
are using Sunopsis in Europe, 
although some also are using 
the product in the U.S., and are 
supported out of the Beverly, 
Mass., office (www.sunopsis 
.com), which opened in 2002. 

The goal, said de Montcheuil, 
is to allow companies to share 
and manage data from disparate 
sources — without die complexity 
of traditional ETL and EAI solu- 
tions. "The ETL approach is to 
manipulate some data, extract it 
and load it in a batch mode. 
You're only going to read from 
production applications, as 
sources, and write typically to a 
data warehouse. The challenge is 
to integrate a real-time dimen- 
sion to track changes to the data 
and propagate it to multiple 
applications." 

Another problem, he said, is 
that ETL solutions were de- 
signed for data warehousing, 
and rarely had the capability to 
write data directly back to pro- 
duction applications. 
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Sunopsis includes a graphical tool for designing extract and transforma- 
tion operations. 



On the other side of the 
coin, he said, EAI-type tools 
can read and write production 
applications in real time — but 
because they don't go to the 
databases directly, they suffer 
from slow throughput. "If you 
only want to move a few 
records per second, and don't 
mind using proprietary con- 
nectors or Web services, that's 
fine. But if you want to handle 
tens of thousands of records 
per minute, you're reaching 
the limit of the EAI architec- 
ture." EAI also falls short, he 
said, when it comes to per- 
forming complex data trans- 
formations. 

By contrast, Sunopsis is an 
ETL application that can run 
within a J2EE app server, and 
which both reads and writes to 
multiple enterprise apps, de 
Montcheuil said. New with ver- 
sion 3.1, Sunopsis also can han- 
dle real-time data synchroniza- 



tion. "It bridges the ETL and 
EAI markets. It manipulates 
the data using traditional func- 
tions, and it works both batch 
and real-time mode." 

The real-time approach is 
handled by a built-in message- 
oriented middleware layer, 
called Sunopsis MQ, and an 
engine that can automatically 
detect data changes, he said. 

The read/write connectors 
work with Oracle Applications, 
SAP R/3 and other packaged 
applications, as well as with 
relational databases. To im- 
prove throughput, de Mont- 
cheuil said, the transformation 
engine orchestrates the work of 
the database engines. 

Pricing is based on develop- 
er seats, with unlimited connec- 
tivity to sources and targets 
with a single license. Sunopsis 
is priced at US$49,950 for the 
first two developers, and then 
$14,000 for additional seats. I 



WEB-BASED DEFECT TRACKING IS ELEMENTOOL 



BY DAVID RUBINSTEIN 

Elementool Inc., a 3-year-old 
New York-based company, has 
released version 4 of what it calls 
the first-ever Web-based track- 
ing system for software defects. 
By hosting the system on its 
Web site, according to founder 
and CEO Yaron Sinai, Elemen- 
tool (www.elementool.com) can 
eliminate the upfront costs of 
purchasing defect-tracking soft- 
ware. "If you have a short project 
and need the tool for three 
months, you can use it, pay 
monthly, and when you're done, 
you close die account," Sinai said. 



Sinai said he noticed that 
when he was QA manager for a 
software company in Israel, 
most organizations tracking 
defects were using Microsoft 
Word documents or Excel 
spreadsheets. There were no 
Web-based tools, he said. 

Elementool is set up by 
accounts, Sinai said; customers 
log in to dieir account and create 
users, set priorities for repairing 
bugs, and create tasks for devel- 
opers. New in version 4.0 is the 
ability for customers to manage 
more than one project from a 
single account. Also new are low- 



er rates for multiple projects and 
a Quick Beports feature that 
allows users to save settings for 
use in multiple reports, Sinai 
said. 

A basic version of Elemen- 
tool, which allows for the stor- 
age of 200 issues, e-mail notifi- 
cation and unlimited users, is 
free. An advanced edition for 
2,000 issues, with no banner 
ads and advanced reporting 
capability, costs US$39.99 per 
month; a professional edition 
costs $59.99 per month and 
adds file attachments and a his- 
tory trail to the feature set. I 




Does your software give you a better way to monitor and manage 
application development? Ours does. 

Our software goes to great lengths to help you optimize application development projects, so you won't 
have to. AFlFusfon"" is Computer Associates' comprehensive and flexible application lifecyde management 
solution . Whether your projects ore in .MET, JAVA or the mainframe, you can transparently monitor and 
manage all phases of application development, including people, process, and tools. And that means you 
won't Just finish prefects on time. You'll deliver them within budget, ca.comr'aHnjsion 
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Logic Library Plugs Logidex Into WebSphere 

Gains extensibility and leverages full functionality from Studio Application Developer 



BY ALAN ZEICHICK 

LogicLibrary Inc. on May 13 
released an update to its Logi- 
dex content repository that sig- 
nificantly changes the extensi- 



bility of the product, according 
to the company. 

"Version 2.0 is a major step 
forward in moving closer and 
closer to what enterprise cus- 



tomers need and want in an 
asset metadata library like 
Logidex," said Brent Carlson, 
co-founder and vice president 
of technology. "We feel we have 



an enterprise-strength product 
with this version." 

Most significant, he said, is a 
plug-in into IBM's WebSphere 
Studio Application Developer 
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(WSAD), and a peer plvig-in for 
the Eclipse open-source IDE. 
"It's not a simple 'I can launch a 
browser into the IDE' capabili- 
ty that [other vendors] have; we 
can take advantage of the full 
palette of functions that the 
IDE provides. Logidex just 
becomes a seamless part of a 
developer's day-to-day environ- 
ment," he said. 

The new version also offers 
extensibility through what Carl- 
son calls the Anysource SDK. 
"It's a series of Web services- 
based APIs that enable easy im- 
plementation of automation 
either for bulk load of assets, or 
integration with external systems 
like version-control repositories.'' 

The WSAD plug-in takes 
advantage of a new set of user- 
facing SOAP APIs, added Carl- 
son, for searching, retrieving 
assets and storing projects. "One 
could use those for other inte- 
gration, such as integrating into 
an in-house developer portal." 
Those APIs also leave the door 
open for future plug-ins for oth- 
er commercial IDEs, he said. 

The final change, Carlson 
said, is an open reporting frame- 
work, where customers can 
plug any reporting engine into 
the environment. "We expose 
the persistent information that 
Logidex holds onto through a 
set of read-only database views, 
and also provide a presentation- 
layer framework that lets devel- 
opers plug the reports back into 
the Logidex user interface. 
That makes [the reports] seam- 
lessly accessible." 

Logidex 2.0 runs on AIX, 
Red Hat Linux and Solaris, and 
uses either DB2 or Oracle9iDB 
as its repositoiy. Pricing ranges 
from US$1,000 to $1,500 per 
seat, said Carlson, plus server 
pricing. A typical installation for 
75 to 100 users costs about 
$95,000, he said. 

The company (www.logic 
library.com) also has launched a 
free online asset portal, which 
kicked off with a collection of 
core J2EE patterns contributed 
by Sun Microsystems Inc. 

"We will add new content 
for free on the Asset Center, 
both to expose people to the 
idea of a component repository, 
and to highlight our graphical 
search for those assets," said 
Greg Coticchia, LogicLibrary's 
CEO. The repository is at www 
.logidexassetcenter.com. I 






The Anatomy of a Complete 
Development Solution 









4th Dimension 2003 provides an environment 
for Rapid Application Development with an 
integrated database. Standalone applications 
can quickly and easily be created for both 
Windows and Macintosh platforms (including 
Mac OS X), 
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The same application can easily be Web- 
enabled, with complete scalability -from 
single-tier to three-trer architectures. With 
an emphasis on security, 4D technologies 
are robust enough to run the US Army's 
Web servers. 
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SOLUTION 
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With no additional coding, your standalone 
application can be deployed in a client- server 

environment Supporting mixed platform 
connectivity and automatic application 
distribution, 4th Dimension 2003 radicaJly 
increases deployment efficiency. 
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the fast track to application integration, 
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PIRACY 



4 continued from page 4 

ware against the initial descrip- 
tion. If too many things vary, 
the software won't load. The 
idea behind this scheme was 
that if a program was licensed 
for one and only one computer, 
checking the hardware would 



ensure it wasn't being loaded 
onto another. 

"The important factor here 
is, let's make a flexible solution 
so that the publishers and dis- 
tributors can say, 'Let's look at 
our customer base, and what 
can I lock the software to?'" 
said Wood. "How many of those 
fingertips can I change before 



my fingerprint is changed?" 

This could be a problem for 
customers who frequently up- 
grade their computers. It also 
could be a problem when cus- 
tomers get rid of an old system 
and install their software onto 
a new one. In both these cases, 
legitimate customers would be 
inconvenienced by having to 



call in to technical support to 
get a new code to reinstall the 
software. 

Security vendors most want 
to concern themselves not with 
these instances of what they call 
casvial copying, but with the 
more malicious copying that 
can cost ISVs in lost sales and in 
having to support customers 
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who didn't buy the product. 

"The malicious aspect comes 
from people putting up cracks, 
people putting up Microsoft 
leaks, people trying to hack our 
products in order to sell pirated 
versions of programs — that's 
malicious," said Tom Ybarra, 
Rainbow's product manager for 
software security products. 

Microsoft again was in the 
news in this area in April when 
a customer posted a volume- 
licensing key for Windows 
Server 2003 on the Internet. 
The key sequence is designed 
to reduce the headaches of 
installing software at large orga- 
nizations. These sites can pur- 
chase unlimited seat licenses 
that require the software key 
but don't check any hardware 
profiles. Microsoft beta sites say 
the volume licensing key works 
with three different versions of 
Windows Server 2003. 

To stay ahead of those who 
might crack their encryption 
software or leak codes, anti-pira- 
cy vendors are taking the next 
step: including hardware in their 
software protection systems. 
This is similar to having an ATM 
card to get money from the 
bank. It's not enough to know 
the PIN; you must have a card 
verifying who you are and your 
right to access the account. Cus- 
tomers installing software not 
only must type in a key code, but 
also must have a piece of hard- 
ware, usually plugged into the 
USB port, to install software. 

This is not foolproof. For 
instance, some hardware "don- 
gles" are nothing more than 
memory with a product code 
installed. Encrypted or other- 
wise, that information could 
easily be mimicked in software. 

To get past this, dongle mak- 
ers are creating more complex 
dongles that issue a "chal- 
lenge," or an electronic ques- 
tion that must be answered 
with a new response each time 
the device is used. That way, 
even if the information in mem- 
ory is copied, it won't be the 
appropriate response, and the 
product won't install. 

The decision here for devel- 
opers is determining how much 
and what kind of anti-piracy 
protection is appropriate for 
the kind of software they are 
distributing. 

"So, before you even consid- 
er implementing security, you 
have to go through a cost-value 
analysis," said Lynch. "For 
instance, this key costs $48. If 
your unit price is $100, you're 
not going to consider that." I 
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BORLAND 



- continued from page 1 

cally the same functions and 
features as Borland's other 
Windows development tools, 
according to Borland's Simon 
Thornhill, such as C++ Builder, 
JBuilder for Java, and the 
Object Pascal-based Kylix. The 
major difference is that C# 
Builder is purely for .NET, 
including WinForms, Web- 
Forms, ASP.NET and ADO 
.NET applications. There is 
no option to compile Win32 
binaries, and Borland has no 
plans to support other plat- 
forms, he said. 

Thornhill is Borland's vice 
president and general manager 
of rapid application develop- 
ment solutions. 

Due to the company's licens- 
ing of Microsoft's .NET Frame- 
work SDK in January, develop- 
ers will not need to install 
Visvial Studio .NET or down- 
load .NET components from 
the Microsoft Web site. The 
necessary portions of the 
Microsoft stack are included 
with C# Builder, including the 
Common Language Runtime 
and Microsoft's C# compiler, 
which Borland uses in the IDE. 

The company also hinted at 
its next step for Windows, 
which would be a complete 
application life-cycle manage- 
ment suite based on the C# lan- 
guage — analogous to its Bor- 
land Enterprise Studio for Java, 
which combines the JBuilder 
IDE, Together modeling soft- 
ware and Optimizeit perfor- 
mance-management tools. 

"We are announcing that 
we'll introduce the complete 
application life-cycle manage- 
ment for .NET At this stage it 

FOUR EDITIONS 
OF C# BUILDER 

$69 - Personal: 

Basic C# development, 
WinForms, WebForms 

$999 - Professional: 

Adds development of 
ASP.NET, AD0.NET; code 
visualization, local databases 

$1,799 - Enterprise: 

Permits access to enterprise 
databases; C0RBA/J2EE 
integration 

$2,499 - Architect: 

Model-driven framework, 
UML import/export 

All prices are in U.S. dollars. 



is a strategy announcement, but 
at a later stage we will be deliv- 
ering all the pieces combined 
together," Thornhill said. "We're 
not announcing when it will be, 
but we're announcing the 
intention that as we have a Java 
application life-cycle solution, 
we'll have a .NET life-cycle 
management solution." 



SAY IT WITH .NET 

While Thornhill said that "a lot 
of IT organizations don't want 
to be locked into any particular 
platform," such as Java or 
.NET, he was very definite that 
C# Builder is a .NET-only 
product. The company, he said, 
is unlikely to bring the language 
to other platforms, such as to 



Linux, native Win32 or even to 
compiling for a Java Virtual 
Machine. 

"As C# is a standard, if other 
vendors make it so that a C# 
application can run, say, on Lin- 
ux, that would be fine," said 
Thornhill. "It really isn't a focus 
for us — if others want to take it 
to other places, we're happy to 



let them, and to support them 
by being standard-based." 

Borland will be releasing 
four versions of C# Builder, tar- 
geting personal and enterprise 
developers, with prices ranging 
from US$69 to $2,499, some- 
time midyear; Thornhill would 
not be more specific about the 
timing of the releases. I 
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WS-I Tools Test Against Profile 

Reports show if services meet guidelines 



BY YVONNE L. LEE 

The Web Services Interoperability 
Organization released in April a pair 
of testing tools to assess how well appli- 
cations meet the organization's WS-I 
Basic Profile. 

The two tools, used together, produce 
a report that indicates whether a Web ser- 
vice meets the guidelines of the WS-I 
Basic Profile, which specifies information 
about how Web services define them- 
selves, register themselves in a repository, 
and communicate back and forth. 

The test suites are available in C# and 
Java implementations, so that they will 
work with Web services built using 
either Microsoft's .NET or J2EE. 

The Web Service Communication 
Monitor captures and stores messages 
exchanged between Web services and 
the software that invokes them. 

The other tool, the Web Service Pro- 
file Analyzer, evaluates messages cap- 
tured by the Web Service Communica- 
tion Monitor, and validates information 
left over from the description and regis- 
tration of the Web services. That infor- 



mation includes Web Services Descrip- 
tion Language documents describing 
the services, and XML schema files 
describing the data types. 

After analyzing the information, the 
Web Service Profile Analyzer produces a 
detailed report indicating whether the 
Web service meets the guidelines of the 
WS-I Basic Profile. The report indicates 
specific deviations and failures in the 
event that the Web service failed to 
meet the requirements. 

Prerelease versions are available 
now from the organization's Web site 
(www.ws-i.org). The tools have been 
designed to allow for expansion to test 
future profiles. 

"The tools are currently feature-com- 
plete," said Jacques Durand, chair of the 
WS-I's test tools working group and 
director of industry relations at Fujitsu 
Software Corp. "We are spending time 
testing the tools themselves." 

WS-I is requesting public comment 
on the tools. Final versions are expected 
in the third quarter following the final 
release of the WS-I Basic Profile 1.0. I 
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4 continued from page 1 

UBL effort, said Bon Schmelzer, senior 
analyst at ZapThink LLC, a research 
firm specializing in XML and Web ser- 
vices, is that not only do businesses con- 
duct few transactions across industries, 
there is also little overlap in the docu- 
ments used across industries. 

"The percentage they have in com- 
mon is very small," he said. "[The stan- 
dard] may be good enough to do address- 
es, but to do anything important in a 
business, you have to negotiate anyhow." 

Bozak acknowledged that incorporat- 
ing all the different fields used in all the 
different industries could result in an 
unwieldy standard. "We're trying to 
solve 80 percent of the problems with 20 
percent markup." 

Analysts say that for all its good inten- 
tions, the standard for business documents 
will be settled die same way that societies 
settle on a language for business commu- 
nication: by doing what die major eco- 
nomic powers want diem to do. 

"There is a certain amount of de facto 
standardization diat is happening already," 
said Daniel Sholler, vice president of tech- 
nology research at Meta Group Inc. "I call 
that the Wal-Mart effect. Wal-Mart 
decides to do something, and every con- 
sumer products company adheres to it." 
The companies that need to do business 
with one anodier electronically will use 
formats specified by the large businesses 
in their industries, he said. 

However, there isn't a business incen- 
tive for large companies to change their 
business documents to formats that hap- 



pen to be used in other industries where 
they may not have trading partners, 
Sholler said, and even large organizations 
with many trading partners may not need 
to standardize to a single format. "It's 
hard for me to imagine that the govern- 
ment's going to come up witii a common 
set of business objects for how they pur- 
chase electricity to electrify the fence on 
the Mexican border, to buy toilet paper 
for the FBI office in Chicago, and buy 
the B-l bomber," he said. 

One indication that businesses and 
customers aren't driving the UBL effort 
is the absence of computer industiy 
"heavyweights," ZapThink's Schmelzer 
pointed out. Instead, he said he believes 
UBL is a Sun-driven effort. 

"If there was customer drive, it's hard 
to see how IBM and Microsoft would not 
be involved in this," Schmelzer said. The 
only major technology player besides 
Sun involved in the effort is Hewlett- 
Packard, which has a single representa- 
tive. "If Jon Bozak was not driving this, 
it's hard to see how even Sun would be 
behind this," he added. 

Both Schmelzer and Meta Group's 
Sholler said they believed that if the 
UBL effort did not succeed, cross- 
industry specifications would come 
about organically. 

The UBL committee has liaisons with 
the insurance, retail sales, electronics, 
health care, convenience stores, banking, 
utilities, optical supplies, information 
technology and accounting industries. 

The updated draft version of UBL fin- 
ished review in April. Version 1.0, expect- 
ed in May, will incorporate comments 
from that review. I 
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Voice Enablement Closer to Science Fact 

Kits coming to market permit application control with just a few words 



BY EDWARD J. CORREIA 

Meet George Jetson. In his 
futuristic cartoon world, devices 
are activated and controlled only 
by spoken commands. Fantasy? 
Perhaps today, but recent 
announcements from a pair of 
companies may bring that vision 
closer to reality far sooner than 
anyone thought. 

Sensory Inc., which manu- 
factures embedded speech 
microcontrollers for all manner 
of electronic devices, in late 
April unveiled Voice Direct II 
Speech Recognition Kit, a sub- 
US$50 development kit that it 
claims permits developers to 
add voice-recognition capabili- 
ties to any electronic device, 
including appliances, set-top 
boxes, remote controls, cars 
and Internet devices, enabling 
them to be controlled with just 



a few voice commands. 

The hardware and software 
kit is built around Sensory 's 
Voice Extreme speech-recogni- 
tion processor, which constantly 
listens for one, two or three key 
"trigger words" or phrases to be 
spoken. These words reported- 
ly activate the speech recogniz- 
er, which listens for as many as 
15 additional words or phrases, 
called command words, which 
then link to a physical interface 
to operate peripherals. The 
devices recognition system is 
set up to know the voice of 
its trainer, or up to three peo- 
ple, and therefore is language- 
independent. 

Earlier in the month, the 
company (www.sensoryinc.com) 
updated several of its other 
development tools and in- 
troduced Text-to-Speaker-Inde- 



pendent Recognition (T2SI), a 
new technology that it claims 
permits speech recognition that 
is independent of the person 
speaking, and simplifies down- 
load of recognized-word files 
onto embedded firmware. 

Also improved, according to 
the company, are Sensory 
Speech 7, the development 
environment for the company's 
flagship RSC-4x circuit, which 
now includes better noise filter- 
ing; and Quick Synthesis 4.1, its 
low-bitrate compression utility 
that now includes a simplified 
interface. Roth tools are free to 
RSC-4x customers. 

LETS APPS BEVOCAL 

For developers hesitant or lack- 
ing the resources to set up the 
voice server required to voice- 
enable apps and Web services, 



BeVocal Inc. has one solution. 
The company, which develops 
and markets carrier-grade call 
automation systems, in late 
April introduced Hosting Lite, 
a self-provisioned telephony 
hosting service that developers 
can use to develop, test and 
deploy small-scale VoiceXML- 
based services ranging from 
call-center automation to out- 
bound alerts and online-reser- 
vation and purchasing systems. 
For a starting price of 
US$500 per month, developers 
receive access to ReVocals Web- 
based development environ- 
ment (http://cafe.bevocal.com), a 
URL and a toll-free number to 
link inbound or outbound 
callers with their applications. 
The monthly fee includes 3,000 
minutes per month for as many 
as five simultaneous callers. 



Monthly plans scale up to $4,250 
per month for 45,000 minutes 
and 15 simultaneous callers. The 
site includes grammar and 
prompt libraries and other tools 
to help developers build, debug 
and deploy VoiceXML 2.0- 
compliant applications. 

According to Kevin Stone, 
senior director of products at 
ReVocal, the service fills a need 
for companies looking to test and 
deploy voice apps for minimum 
cost. "Hosting Lite gives devel- 
opers a way to test, showcase and 
launch applications without any 
cost or long-term commit- 
ments," he said in statement. 
Once the business case has been 
demonstrated, developers can 
elect to upgrade to BeVocals 
Foundation VoiceXML Hosting 
Service, which offers guaranteed 
capacity, support and service. I 



Microsoft: CE .NET 4.2 Solves Compatibility Issues 

API extensions help application portability without recompiling 



BY EDWARD J. CORREIA 

SAN FRANCISCO — When 
Microsoft Corp. releases Win- 
dows CE .NET 4.2 sometime in 
the next few months, the need to 
recompile applications before 
targeting different versions of 
embedded Windows will be a 
thing of the past. That's the 
claim the company made at the 
Embedded Systems Conference 
here in late April about its latest 
embedded operating system, 
which also reportedly will in- 
clude enhancements to net- 
working, Rluetooth, browsing 
and multimedia. The company 
has released the new version to 
manufacturing, but has not yet 
set a date for general availability. 

Jeana Jorgensen, a product 
manager in Microsoft's Embed- 
ded and Appliance Platforms 
group, acknowledged that prior 
to version 4.2, there were com- 
patibility issues between the 
current and older versions of 
the company's embedded oper- 
ating systems. "There was no 
compatibility between Win- 
dows CE 4.0 and 4.1, and Pock- 
et PC. And applications built 
for Pocket PC or Windows CE 
4.0 wouldn't run properly on 
Windows CE .NET" 

Those incompatibility prob- 
lems have been solved, she said, 



thanks to AYGShell API exten- 
sions, an API set that develop- 
ers can now include with an 
operating-system image. "This 
pulls in APIs that are standard 
across all devices. Reginning 
with Windows CE .NET 4.2, 
[developers] can write an appli- 
cation for CE and run it on 
Pocket PC without the need to 
be modified or recompiled," 
provided the processors on both 
machines are identical and that 



the apps both call identical sets 
of APIs. The change applies 
only to native applications, not 
managed apps running inside 
Microsoft's CLI runtime. 

Jorgensen said version 4.2 
also beefs up multimedia capa- 
bilities and performance, includ- 
ing an implementation of Win- 
dows Media Player 9, which she 
claimed delivers faster, better 
rendering and media streaming. 
Pocket Internet Explorer is now 



compliant with the IPv6 specifi- 
cation. Also enhanced are Rlue- 
tooth capabilities, with the addi- 
tion of Rluetooth network and 
modem gateway features, Rlue- 
tooth keyboard and mouse 
input, and integration with the 
Cambridge Silicon Radio (CSR) 
Rluetooth chip set. 

Windows CE .NET also now 
can act as a firewall, file or print 
server and includes a Layer 2 
Tunneling Protocol/IPSec stack 



plus sample code to aid develop- 
ment of other services, including 
boot-time start, remote adminis- 
tration, X10 controller, network 
time server, Internet-based net- 
work bridge, and a service for 
acting as a simple picture server. 
Formerly code-named "Mc- 
Kendrick," Windows CE .NET 
4.2 will be the first to include a 
release version of its Compact 
Framework runtime environ- 
ment; participants in Micro- 
soft's Premium Source program 
will be permitted to make 
changes to the source code and 
distribute those changes within 
their products. Pricing was not 
disclosed. I 



TARARI AIMS TO SPEED XML PROCESSING 



BY YVONNE L. LEE 

Intel spin-off Tarari Inc. 
announced at Networld+ 
Interop in Las Vegas late 
last month a board that it 
says makes XML and Web 
services applications run 
more efficiently, taking over 
the more taxing portions 
of the application and run- 
ning them on a separate co- 
processor. 

The idea of the board, 
which the company calls an 
XML content processor, is sim- 
ilar to that of a graphics co- 
processor, except for XML con- 
tent. "We're trying to offload 
the heavy-duty algorithms from 
their applications," said Dave 
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Tarari markets several specialized coprocessor 
boards that it claims accelerate throughput. 



Finlay, Tarari's vice president of 
marketing and sales. 

The board plugs into servers 
and network appliances. It accel- 
erates such functions as parsing 
and cryptography, which are 
done repeatedly and require a 



great deal of processing. 

Tarari also provides 
libraries and interfaces to 
integrate the board into 
Web services applications. 
That way, Finlay said, cus- 
tomers could concentrate 
on optimizing the design of 
their applications, rather 
than optimizing the perfor- 
mance of some of these core 
XML functions. 

Organizations, hosting 
companies, hardware manufac- 
turers and systems integrators 
could sell services that use the 
XML Content Processor or 
could bundle it with some other 
hardware system. 

Such services won't be cheap, 



however. Tarari quotes pricing 
for the board at US$3,064 each 
in quantities of 1,000. 

The San Diego-based com- 
pany (www.tarari.com) also 
began shipping an anti-virus 
coprocessor at the late April 
show and has been shipping 
a general-purpose "content 
processor" since December. 

In addition to the new 
boards, Tarari introduced a new 
version of its software develop- 
er kit. Version 2.2 offers new 
drivers and supports parallel 
processing. 

The company says it has 
future plans to offer Web ser- 
vices and network security 
processors. 

The Tarari XML Content 
Processor is scheduled to ship 
in June. I 
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It's no secret, just goad sense. Build your products using the mast advanced embedded 
technology available and watch sales and profits rise off the charts. 

Call Green Hills Software today at fi05 L ?o5.o044 or visit us on Ihe web at www, ghs.com 

la find out more. 
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Eternal Springs Hope 
For High-Availability Apps 



BY EDWARD J. CORREIA 

SAN FRANCISCO— The pin- 
nacle of high availability is 
99.999 percent uptime, the 
equivalent of about five min- 
utes of downtime per year. 
Eternal Systems Inc. claims to 
have achieved this "five-nines" 
reliability with Duration, a set 
of components and an API 
introduced at the Embedded 
Systems Conference here last 
month that it says can be added 
to existing applications with as 
little as one line of new code. 

Bob Monkman, director of 
marketing at Eternal (www 
.etemal-systems.com), said Dur- 
ation is unlike other solutions 
that claim five-nines availability, 
because those solutions require 
manual programming tech- 
niques. "This focuses on a need 
that hasn't been addressed in 
embedded," Monkman claimed. 
"The state of the art right now is 
to mix a lot of logic in your appli- 
cation to save off data structures, 
data tables and stacks. [But] 
manual approaches to keep a 
working state and go back to a 
known good point at failure" are 
difficult to carry out, he said, par- 
ticularly with object-oriented 
programming. 



Duration, Monkman said, 
employs an automated check- 
point engine that can be largely 
transparent to developers. "The 
engine sits between the OS and 
the application and periodically 
takes a snapshot of all the regis- 
ters, data segments and the 
stack, and saves them to a desig- 
nated remote failover location. 
Applications register [with the 
checkpoint engine] with as little 
as one line of code." Checkpoint 
periods are specified by the 
developer, as are failover proce- 
dures, which might include 
restart from checkpoints, and 
failover to an alternate node. 

Set for release in July, Dura- 
tion initially will be targeted at 
communications infrastructure 
equipment, but Monkman said 
the system also will have broad 
enterprise applicability. "One of 
the biggest markets for some- 
thing like this is for financial 
transactions," he said, which 
deploy order-processing systems 
with multiphase commit capa- 
bilities, in which processes must 
succeed or fail as a group. "In 
those environments, it's possible 
to get out of sync if a failure 
occurs at the wrong time." 

Monkman said die software 



can run as a stand-alone de- 
velopment environment or in- 
tegrate with existing tools. 
"Through a graphical tool, you 
go in and identify which apps 
you want to protect, where diey 
run, where they fail over, and 
how often to checkpoint diem. 
Then die application [is recom- 
piled and] links with our library." 
The enterprise version will work 
through dynamic library links, 
and will not require a recompila- 
tion of code, Monkman said. 

Duration is set for general 
availability in July, and will be 
priced at US$35,000 for a three- 




Duration's automated checkpoint engine monitors the application state. 



developer pack. Runtime royal- 
ties also will apply; Monkman 
would not provide the cost. 

Monkman claimed the soft- 
ware is compatible with any 
operating system that offers pro- 
tected memory, including Linux, 



Unix, LynuxWorks' LynxOS and 
Green Hills' Integrity; device 
footprint can vary between a few 
hundred kilobytes and several 
megabytes, he added, and 
depends on how many applica- 
tions are protected. I 



PowerBuilder to Target Windows CE 



BY EDWARD J. CORREIA 

Developers using Power- 
Builder, Sybase Inc.'s 4GL 
rapid development environ- 
ment, will soon be able to target 
mobile devices. That's the word 
from Sybase, which in mid- 
April released to limited beta 
Pocket PowerBuilder, a version 
that targets Windows CE; an 
open beta is scheduled for this 
month with general availability 
set by September. 

Among the reported capa- 



be the 
provides 



bilities that will make the tran 
sition from desktop to the 
mobile version will 
DataWindow, which 
a scriptable framework for 
dynamic presentation of con- 
tent, including database and 
HTML data. According to the 
company, developers also can 
expect tight integration with 
SQL Anywhere Studio, the 
mobile database and enterprise 
synchronization development 
environment developed and 



marketed by Sybase subsidiary 
iAnywhere Solutions. 

Developers can register and 
download the Pocket Power- 
Builder beta for Windows at 
www.sybase.com/pocketpb. 
The environment can be used 
to target Windows CE 3.x, 4.x, 
Pocket PC and Pocket PC 
Phone Edition; additional 
mobile operating systems will 
be targeted in the future, but 
the company refused to specify 
which will be first. I 



ESC REPORT 

•< continued from page 1 

The company (www.lynux 
works.com) also updated Visual- 
Lynux 5.0, its add-on to Visual 
Studio that permits apps built 
with the Microsoft environment 
to execute unchanged on die 
company's LynxOS RTOS and 
BlueCat Linux distributions. The 
new version now works with 
Visual Studio .NET and Visual 
C++ .NET The company also 
unveiled Lynx Certifiable Stack, 
a TCP/IP stack that it says is 
secure enough to be certified 
under the Federal Aviation 
Administration's DO-178B Lev- 
el A requirement for security- 
critical environments, consid- 
ered the de facto standard for 
new aviation software. 

Green Hills Software Inc. 
has introduced Run-Mode 
JTAG Debug, a tool diat when 
used in conjunction with its 
Multi debugging software, and 
Probe and Slingshot hardware, 
permits developers to analyze 
tasks running on the ThreadX 
RTOS without stopping the 



application. The company 
(www.ghs.com) also began offer- 
ing royalty-free licensing of 
IPNET and IPLITE, two IPv6 
stacks built by embedded 
security software developer 
Interpeak AB. 

Motorola Inc. has dropped 
the price of its Code Warrior for 
DSP56800 development envi- 
ronment from US$1,195. For 
applications up to 16KB, it is 
free; for larger apps the cost is 
$495. The offer ends in August. 
According to Paul Grimme, 
corporate vice president and 
general manager of Motorola's 
semiconductor products sector, 
typical devices using this 
processor include medical 
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Motorola's 56F800 demo board 
gives developers a real-world 
testbed for software deployment. 



scanners, remote monitoring 
devices, cable test equipment 
and what he referred to as 
"white goods," which he said 
cover washing machines and 
other large appliances. 

Longer term, the company 
(www.motorola.com) will sell 
its 56F800 flash-based demo 
board, which Grimme said is a 
next step beyond software sim- 
ulation, for $49. The board for- 
merly sold as part of a complete 
development kit for $1,500. 

Embedded software devel- 
oper EBSnet Inc. has released 
RT-SMB Server, an implemen- 
tation of the Server Message 
Block protocol for embedded 
devices. SMB is the protocol 
used by Microsoft Windows and 
has been implemented as open- 
source under the Samba pro- 
ject. "It's an easy way to connect 
with a Windows PC to print to 
your embedded device or to 
upload or download files," said 
Shane Titus, lead software engi- 
neer at EBSnet. 

Tony Astolfi, a senior soft- 
ware engineer with the company 
(www.ebsnetinc.com), said the 



stack also simplifies access to 
data on embedded devices from 
Linux and Unix applications 
running on remote machines 
also running SMB. 

"On a box running Samba, 
it creates a transparent connec- 
tion. To that machine, there's 
no difference between files on 
an embedded device and those 
in a local file system," he said. 
Royalty-free pricing starts at 
US$7,000 including ASCI-C 
source code, and varies by pro- 
ject. The stack reportedly occu- 
pies about 150KB of device 
memory, is available for Linux, 
Unix and Windows, and is not 
dependent on EBSnet's own 
TCP/IP stack. 

One notable bit of hardware 
news was from Mentor 
Graphics Corp., which added 
to its iSolve line with the IP- 
Xress Target Platform, a proces- 
sor verification device that 
works through a JTAG interface 
with its VStation and Celearo 
emulators to verify fixed-IP 
designs, such as those in micro- 
processors and DSPs. "The 
direct connection of fixed IP 



means that [developers] can 
execute application software, 
controlled through standard 
software debug tools, while full 
visibility of the ASIC or SoC is 
available from the emulator," 
said Jean-Francois Kali, product 
marketing director. Initially, 
the unit will work with the 
ARM926EJ-S, ARM946E-S and 
ARM966E-S cores; a range of 
circuits from ARM, IBM and 
Texas Instruments are planned 
for the future. 

The company (www. mentor 
.com) also unveiled a number of 
enhancements to Nucleus, its 
embedded operating system, 
including implementations of 
an SNMPv3 stack for simple, 
secure network device manage- 
ment, an IPv6 stack, USB host 
and device capabilities, and an 
extension of the Nucleus kernel 
to include OSEK COM 3, an 
implementation of the uniform 
communication environment for 
automotive control unit applica- 
tion software. OSEK (www.osek 
.org) stands for "open systems 
and the corresponding interfaces 
for automotive electronics." I 
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Free Connection Can Be Costly 

Vendors of ODBC, JDBC or .NET drivers offer 
improved performance, functionality over built-ins 



BY ESTHER SCHINDLER 



It's hard to justify spending money on 
functionality when the supplier has 
already provided it, even if the paid- 
for version is just somehow better. 
And that's true whether you're speak- 
ing of a car stereo, database connector or 
a word processors thesaurus. The differ- 
ence is magnified when the paid-for ver- 
sion isn't just better... it's a lot better. 

Every database includes tools to con- 
nect to other databases: .NET data 
providers, ODBC drivers or JDBC dri- 
vers. Whether the database is a desktop 
tool such as Microsoft's Access or an 
enterprise-level version of Oracle, each 
enables developers to link together and 
manipulate data inside non-native or 
remote databases, using database appli- 
cation design tools or programming 
function calls. 

While the quality of those included 
connectors may vary, there's a thriving 
market in premium connectors and 
adapters. What do they promise that 
makes it worthwhile for you to spend 
money — ranging from hundreds to tens 
of thousands of dollars per server — for 
something you already have? "There are 
no free lunches," said Kingsley Idehen, 
president and CEO of OpenLink Soft- 
ware Inc. (www.openlinksw.com), one of 
the players in that field. 

MORE FOR THE BUCK 

The easiest justification for purchasing a 
third-party database driver is to gain 
functionality that's absent in the free 
tools. That isn't necessarily hard to 
accomplish, since database vendors 
often provide ODBC and JDBC con- 
nectivity as a check box in a feature 
chart. In contrast, the third-party ven- 
dors can claim it's all they do, so they put 
more energy into their features, perfor- 
mance and product support. 

In some cases, the capabilities offered 
by third-party vendors are simply 
unavailable in the built-in tools. For 
example, Proposion Inc. (www.proposion 
.com) sells Proposion N2N, a tool to inte- 
grate IBM Lotus Notes and IBM Lotus 
Domino into Microsoft's .NET Frame- 
work and Visual Studio .NET develop- 
ment tools. Proposion N2N enables 
Domino developers to leverage .NET 
data connection facilities along with 
Notes/Domino features such as agents, 
encryption and attachments — without 




having to run Microsoft's IIS. 

More frequently, the third-party dri- 
vers offer greater feature depth or they 
eliminate limitations set in place by the 
built-in drivers and connectors. 

For instance, Hit Software Inc. (www 
.hitsw.com) sells integration tools that 
work with IBM's iSeries and AS/400s. 
Hit's OLEDB/400 supports IRowsetLo- 
cate and ITransactionJoin interfaces, 
according to the company, but IBM's 
OLEDB for iSeries does not. 

As another example, IDS Software's 
(www.idssoftware.com) .NET Data Pro- 
vider claims to solve a limitation in .NET 
applications: If the database is on a dif- 
ferent computer, linked to the .NET 
server only by the Internet, desktop 
databases aren't able to connect using 
ODBC or OLEDB. 

And, NetDirect Inc.'s (www.j-netdirect 
.com) JSQLConnect pools prepared 
statements both within and across logi- 
cal connections; Microsoft's driver does 



not directly reuse prepared statement 
handles. 

These capabilities can extend beyond 
technical features. Because the licensing 
terms on the free drivers generally 
preclude you from redistributing them, 
some development shops are interested 
in third-party tools to include with 
their products. NetDirect is among the 
companies providing OEM licensing, 
although the distribution issue isn't 
important only to independent software 
vendors. "You don't need the user to 
download a driver, and you can control 
which versions they use," explained Net- 
Direct president David Murphy. 

A common enhancement among the 
add-ons is die ability to connect to dis- 
parate or older database versions unsup- 
ported by the free drivers. Among them 
is DataDirect Technologies Inc.'s (www 
.datadirect-technologies.com) JDBC 
driver, which supports both SQL Server 7 
and SQL Server 2000 running on any 




Windows server (including Windows NT). 
In contrast, said John Goodson, Data- 
Directs vice president of product opera- 
tions, the Microsoft JDBC driver doesn't 
support SQL Server 2000 running on 
Windows NT servers. And Hit's Ritmo for 
DB2, a .NET data provider, translates 
SQL commands accepted via ADO.NET 
into native DB2 SQL. 

ZOOM-ZOOM PERFORMANCE 

For many database developers, the time to 
look for an outside solution is when their 
applications need a performance boost. 
Most database vendors claim that their 
drivers are faster than the ones included 
with the software — anywhere from 10 
percent faster to twice the speed — 
though, naturally, die 
results can vary widely 
depending on the hard- 
ware, software, applica- 
tions and usage models. 

A 10 percent in- 
crease may not sound 
like much on paper, but 
according to Martin 
Smith, vice president of JDBC driver sup- 
sales and marketing for ports SQL Server 
Hit, that's a meaning- even on Windows 
ful improvement to NT, says Goodson. 
most customers. 

NetDirect s Murphy pointed out that, 
in most cases, the built-in drivers work 
fine — up to a point. "They're OK for up to 
200 concurrent users, but then database 
access slows down." While it's possible for 
in-house staff to optimize the use of built- 
in tools and to create workarounds, Mur- 
phy said, "it's not worth it. Once you've 
spent a day trying to solve the problem, 
you've basically spent the money [that our 
product would cost]." 

Some of the products address perfor- 
mance with specific features, beyond 
"simply" making access faster. EasySoft 
Ltd.'s (www.easysoft.com) Enterprise 
ODBC Bridge provides additional usage 
statistics, such as average connections per 
minute and connections per data source, 
as well as a graph of connection history. 

'HOLDING THEIR NOSES' 

A big issue among the third-party ven- 
dors is offering tools that are truly com- 
pliant with the JDBC and other technol- 
ogy specifications. 

► continued on page 24 
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FREE CONNECTION 

* continued from page 23 

The database vendors have to create 
drivers that align with the industry 
expectations. But inherently, they also 
want to offer features that add value to 
their products' feature sets, or (if you're 
cynical) lock you into their proprietary 
system. DataDirect's vice president of 
product management, Evan McDon- 
nell, said, "They offer standards-based 
interfaces — but they do it holding their 
noses." 

As a result, several 
of the third-party driver 
vendors stress their 
suitability for people 
who want to target mul- 
tiple databases, claim- 
ing that their drivers 
will work with all data- 
bases with no code 
changes. 

Then there's the 
issue of support for the 
latest JDBC technology 
specifications. McDonnell claims that the 
free database vendors skimp on testing. 
Although Sun's JDBC test suite has 6,000 
JDBC tests, he said, most of the free dri- 
vers fail nearly 10 percent of the J2EE 
compliance tests. 

Michael Chen, president of IDS 
said, "Our JDBC solution is Type 3, 
which is the combination of IDS Server 





Free DB vendors 
skimp on com- 
pliance testing, 
claims DataDi- 
rect's McDonnell. 



Whichever technology you choose, the different specifications 
for database connectivity share the same goal: to enable appli- 
cations to work independently of the back-end database engine 
chosen. The drivers aren't standards, per se, because they 
aren't endorsed by an industry standards body, but they're cer- 
tainly standard in the sense of ubiquity. 

Each driver is specific to a particular DBMS, and exposes the 
capabilities of the underlying DBMS to the application. If you 
want your application to interact with DB2 using ODBC, you'll 
need a DB2 ODBC driver or dynamic link library. Drivers are avail- 
able both as APIs and as application-specific tools, so your 
spreadsheets can look up information from a SOL database. 

ODBC (Open DataBase Connectivity) is most closely associ- 
ated with Windows operating systems, and in fact it started out 
as the Windows implementation of the X/Open SQL Call Level 
Interface specification in 1992. Although ODBC is considered a 
Windows-centric interface, ODBC drivers are available for sever- 
al other platforms. Among them is the open-source platform- 
independent implementation of both the ODBC and X/Open 
specifications, known as Independent Open DataBase Connec- 
tivity (iODBC). 

A data provider in the .NET Framework serves as a bridge 
between an application and a data source. A data provider is 
used to retrieve data from a data source and to reconcile 



changes to that data back to the data source. The .NET Frame- 
work includes SQL Server and OLE DB.NET data providers; it 
also supports ODBC as a separate download. 

JDBC is a little more complicated, because there are several 
versions. Like the other interfaces, JDBC enables developers to 
connect with a database or tabular data source, send SQL state- 
ments and process the results. It's included in both J2SE and 
J2EE, with four types available. 

Type 1 is Sun's JDBC-ODBC Bridge, a JDBC driver that imple- 
ments JDBC operations by translating them into ODBC opera- 
tions. To ODBC it appears as a normal application program. The 
bridge implements JDBC for any database for which an ODBC 
driver is available. Type 2 is a partial Java driver, which converts 
the developer's JDBC API calls into calls to the client machine's 
specific database. It needs the database vendor's JDBC driver 
loaded on each client machine, however. These two are used pri- 
marily by application developers. 

More attention is given to Type 3 and Type 4 JDBC drivers 
right now, partially because they don't require client JDBC 
drivers to be installed. The former is a pure Java middleware 
solution. Type 4 JDBC uses a direct-to-database pure Java 
driver that converts JDBC calls into network packets used by 
the proprietary format of the database. 

-Esther Schindler 



[server-side] and IDS JDBC Driver 
[client-side]." All major database mak- 
ers now offer a Type 4 JDBC driver for 
their own databases. Also, all versions of 
JDK and JBE come with the free but 
infamous JDBC-ODBC Bridge, which 
Chen considers "a transitional solution." 
Actually, to quote from Sun's own 



documentation, "Sun Microsystems and 
DataDirect Technologies are working to 
make the Bridge more reliable and 
robust, but they do not consider it a 
supported product. With the develop- 
ment of pure Java JDBC drivers, the 
JDBC-ODBC Bridge should become 
unnecessary." 



SECURITY 

According to some vendors, the free 
native drivers are inherently insecure, 
because they enable any ODBC-com- 
pliant application to get at the com- 
pany's data. 

According to OpenLink's Idehen, 
► continued on page 25 
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"When you add die Web and 
Internet to the mix, the vulnera- 
bilities only increase." 

A security and load issue 
doesn't have to be external or 
malicious. Imagine an informa- 
tion worker in the sales depart- 
ment using Excel or a report 
writer to connect to the back- 
end database. What's the 
impact on the LAN if his query 
generates millions of answers? 

OpenLink's Virtuoso 3.0 (the 
latest edition of the cross-plat- 
form virtual database for SQL, 
XML and Web services) supplies 
a rulebook to establish how the 
enterprise will use ODBC and to 
create an environment that pro- 
tects the data's integrity. 

For example, access from 
outside the firewall can be set to 
read-only. Or you can limit the 
number of records retrieved, 
depending on whether they have 
specific IT department approval, 
or whether the retrieval was 
inside or outside the firewall. 
(Databases don't care about net- 
works or IP addresses, said Ide- 
hen; they look only at the user 
ID and password.) These limita- 
tions can be role-based, so diat if 
you're using die HR application, 
it's all right to update or delete 
records, but you can't do so from 
a spreadsheet. 

OpenLink is not the only 
vendor with security features. 
EasySoft's software enables you 
to secure data sources by attach- 
ing an access control list, defin- 
ing exactly which users and 
clients may use each database. 

The Internet adds complexity. 
Many developers create stand- 
alone or applet-based Java solu- 
tions that can be downloaded and 
run by clients across the Internet. 
IDS' Chen said, "If diese types of 
applications need to use JDBC to 
talk to databases, using Type 4 
drivers poses a serious security 
risk because the database server 
must be exposed to the Internet. 
Most sane database admin- 
istrators aren't willing to do that, 
because die database server will 
be under direct attack from hack- 
ers. Most Type 4 drivers offer no 
encryption capability, or such 
capability is unfeasible for de- 
ploying diese lands of Java appli- 
cations." Chen claimed his com- 
pany's IDS Server and IDS 
JDBC Driver offer remedies. 

SIGNING ON THE BOTTOM LINE 

Perhaps your concern isn't the 
technology benefits offered by 
these tools. It's the fear of finger- 



pointing that can result when 
too many vendors and technolo- 
gies are added to the product 
mix. Even if the free drivers are 
merely adequate, you reason, at 
least they'll be supported by the 
database vendor. 

That's not how the third-par- 
ty vendors see it. They point out 
that getting timely technical 



support for drivers is a slow and 
indirect process, especially 
since most nonpremium sup- 
port is via Web or e-mail corre- 
spondence only. And they're 
willing to intercede with the 
database vendor in case of fin- 
ger-pointing, but it's almost 
never necessary to do so. "We 
provide diagnostic utilities to 



see where a breakdown occurs. 
That's typically enough for a 
database vendor to compre- 
hend," said OpenLink's Idehen. 
The vendors also stress the 
ease of installation. As Hit's 
Smith pointed out, "A person 
working on a project doesn't want 
to break stride; it's important to 
get up and running immediately." 



You may not need a third- 
party database driver, at least 
while you're developing the 
application and putting it 
through its pilot phase. "Most 
people aren't aware of the 
implications until they get to 
roll out," said Idehen. "They 
come to us when they exit 
pilot." I 
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EDITORIALS 

C# Beyond Microsoft 

In the War of the Language Standards, Microsoft's C# 
has beaten the pants off of Sun's Java. But it may be a 
Pyrrhic victory. 

Sun, you may recall, chose not to submit Java to an 
independent standards body, preferring to keep tight con- 
trol over the language specifications. By contrast, 
Microsoft submitted its C# language (and a small portion 
of the .NET infrastructure) to ECMA, a European ven- 
dor consortium, and from there, to the International 
Organization for Standardization, which fast-tracked the 
language to approval as ISO/IEC standard number 23270 
earlier this year. 

So, C# is a de jure standard, and Java is not. While that 
may benefit Microsoft when it comes to bidding for major 
government contracts, the fact is that C# remains bound 
to .NET. Even Borland, with its new C# Builder develop- 
ment environment, isn't taking the C# language to other 
platforms — or even to native Win32 code. In fact, 
Microsoft's own C# compiler for .NET is an integral part 
of C# Builder. So, what's the point of standardization? It 
doesn't truly give the customer more choices, or more 
investment protection. 

So, yes, C# may evolve as the best language for build- 
ing .NET applications, and the ISO standardization will 
certainly give Microsoft bragging rights. 

By contrast, Java is a de facto standard with broad 
industry support — and isn't tied to any specific platform. 
Although Java lacks that important ISO/IEC imprimatur, 
it's more akin to languages like C/C++, COBOL and For- 
tran, with a broad appeal that C# simply can't match. 

Upgrading Database Drivers 

When designing a transaction-oriented system — or 
any sort of application that relies upon a back- 
end database — it's tempting to forget about the perfor- 
mance characteristics of the connections between the 
different tiers. A fast database won't do you much good 
if it takes too long to move the data into it or to perform 
queries against it, because the connectivity middleware 
between the database and the application is slow or 
inefficient. 

Nearly all tools and platform vendors provide some 
form of database driver capability, such as ODBC or 
.NET Data Providers on Windows, or JDBC in the Java 
world. The generic drivers provided with the tools can be 
adequate for simple applications, or for operating com- 
plex apps under a light load. It's important to realize, how- 
ever, that these default drivers may not provide the best 
approach — ODBC or OLE DB, for example, may prove 
less efficient for high-volume transaction systems than 
native drivers. But, of course, going with native drivers 
may complicate development, or lock you into a specific 
database target. 

The solution? In many or even most cases, those 
default drivers may be good enough. But when designing 
enterprise applications, choosing and using an improved 
driver or database access method may vastly improve 
overall system performance — in some cases, allowing the 
application to scale further, or be able to run on lower- 
end hardware. A driver upgrade is a solution worth look- 
ing into. I 
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THE MONSTER IN THE BASEMENT 



There's a monster lurking in 
the basement of your distrib- 
uted applications. You can tame 
it, but you may also get bitten. 

Modern computing tech- 
nologies allow software devel- 
opers to design and build com- 
plex applications better than 
ever. These powerful new soft- 
ware products make the shar- 
ing of information infinitely 
easier, bringing the world clos- 
er together and allowing cor- 
porations to act with maximum 
efficiency. 

Software applications are 
extremely powerful due in 
large part to the "infrastruc- 
ture" that supports them. This 
vast infrastructure is made up 
of the technologies that have 
survived the cruel evolutionary 
world of computing and 
matured into an industry stan- 
dard. For example, let's take a 
look at the infrastructure that 
supports user input. In the ear- 
ly days of computing, support- 
ing user input meant turning a 
keystroke into an 8-bit ASCII 
code, allowing software engi- 
neers to write software that 



handled character-based input. 
In the modern Web services 
era, this updated infrastructure 
allows developers to accept a 
user name from a Web-based 
form and use a public directo- 
ry service to pull all of the 
user's information. 

This infrastructure stan- 
dardization process al- 
lows software developers 
to focus their efforts on 
addressing increasingly 
complex problems, such 
as business intelligence 
and corporate mergers. 
But cracks are beginning 
to appear in this infra- 
structure, especially the 
most unpredictable piece — the 
network. 

The network has evolved to 
provide ever-higher levels of 
service over an increasingly 
complex physical infrastruc- 
ture. Today, a single operating- 
system call can get a browser to 
display a specific URL. This 
single call is translated into 
quite a lot of network traffic 
coupled with complex network 
algorithms, such as session 




management, rate control, 
error discovery and recovery. 
No one would expect this code 
to perform the same way when 
running over a dial-up connec- 
tion as it would over a high- 
speed LAN that is perhaps 
2,000 times faster. 

Over the years, many tech- 
niques have been de- 
veloped to deal with the 
network's inability to 
"hide" its performance. 
One of the most com- 
mon techniques was 
"text only" Web sites. 
In order to provide 
adequate performance 
for 28.8Kbit/sec dial-up 
users that made up the Internet 
population in its early days, 
most sites created text-only ver- 
sions of their URLs. Unfortu- 
nately, this and other crude 
methods of dealing with net- 
work performance issues no 
longer work in the Web services 
era. Most applications are so 
complex that it's virtually 
impossible to isolate the areas 
that are most sensitive to net- 
work performance. 
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WEB SERVICES GOTCHAS' 



When developing complex 
Web services applications, 
users are better off with devel- 
opment products from multiple 
suppliers. 

What we at Aberdeen 
Group are finding in the Web 
services area is that the major 
suppliers, such as IBM, Micro- 
soft and Sun, don't present 
products that home in on some 
of the "gotchas" of Web ser- 
vices development. They have 
focused primarily on putting all 
the pieces together of a Web 
services tool set covering the 
standards, rather than on look- 
ing at how automated those 
pieces are. 

On the other hand, third- 
party suppliers are focusing on 
how Web services develop- 
ment can be made automated. 
So if you really want to do Web 
services development well, 
you have to combine a major 
tool set with third-party pro- 
jects. I think the "gotchas" are 
unusually important in this 
instance, which is a strong 
indication as to why you can't 
do very well in the long term 
just by using one tool set. 



There are two major "gotcha" 
issues we have seen so far: per- 
formance and consistency. 

Take the whole question of 
performance. When you create 
a Web services application, 
you're building from a model 
that is set up like the Web, with 
a provider and a consumer: You 
send out a request to a provider, 
and the consumer gets the 
response. 

The problem is, the 
moment that you are 
dealing with data, you 
have many back-and- 
forth requests for a sin- 
gle transaction. Addi- 
tionally, every time you 
go between these two 
applications that could 
be sitting side-by-side on the 
same server, you're going down 
a very big stack and back up 
again. This can create a huge 
slowdown — some users have 
initially reported up to an 
order-of-magnitude slowdown. 
So performance can really 
croak you. 

When it comes to consisten- 
cy, there's a very real tempta- 
tion when developing a Web 
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service to let each service be 
different — to create a free-for- 
all. The whole idea of a Web 
services provider is that it offers 
options upfront to whoever 
calls in from the outside world. 
If you let in-house develop- 
ers create each Web service 
separately, it will be totally 
unclear to the outside consumer 
as to what kind of options he or 
she will be able to get — 
you'll lose a lot of the 
simplicity benefits that 
Web services were sup- 
posed to deliver. 

What you really want 
to do is set up standards 
for Web services pro- 
vider code that offer 
such things as personal- 
ization and security — in every 
provider interface. So what 
you want in a development 
tool set is something that can 
make it easy for the developer 
to do that. 

NEED FOR FLEXIBLE CODE 

Indeed, a new factor has en- 
tered the development buying 
decision: the need for flexibili- 
ty. There's a shift in the mean- 
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THE MONSTER 

That "monster in the base- 
ment" — the unknown effect the 
network will have on an appli- 
cation — must be brought to 
light. Does the monster exist at 
all, or will the application per- 
form properly? Maybe the 
monster will make the applica- 
tion too slow to use. Or maybe 
the monster is so vicious that it 
will endanger data integrity. 

Developing applications in 
a lab environment and ignor- 
ing network performance until 
an application "goes live" is 
irresponsible. Think about it as 
developing a great Windows 
XP application when most of 
your users are running DOS- 
based machines. Most of the 
users would not be able to 
access the application, and it 
would be deemed useless — 
you would never develop such 
an application if you wanted to 
keep your job. 

But because of the lack of 
tools, you have to develop great 
LAN applications when most of 
your users gain access via DSL 
connections. Many of the users 
may not be able to access the 
application and, once again, it 
will be deemed useless. The 
only difference between the 



Windows-DOS and the LAN- 
DSL scenarios is that in the lat- 
ter you have a chance — maybe 
you'll get lucky. 

Distributed applications are 
deployed over a massive WAN, 
usually the Internet. Luckily, 
the WAN is fast — but it's never 
fast enough. Just as memory 
will never be large enough and 
the processor won't be power- 
ful enough, so the WAN will 
never be fast enough. And 
speed, or bandwidth, is only the 
tail of the monster. Latency, or 
the end-to-end propagation 
delay of the network, is the 
monster's ugly head — the No.l 
enemy of performance. 

The speed of light limits 
the travel time of information 
across the network, and every 
WAN connection has a latency 
that can impact travel time 
even more. This latency can be 
anything from a hundredth of 
a second up to almost half 
a second. In the former case, 
it might be a connection 
between two offices in the 
same city connected through 
the same Internet service 
provider. In the latter case, it 
might be a satellite backup 
connection between the same 
two offices. 



Competing with bandwidth 
for the second place on the list 
of "performance's worst ene- 
mies" is network quality — one 
of the monster's many evils that 
may lead to data loss, conges- 
tion and sharp changes in over- 
all performance. 

The problem is that latency 
and quality are not as easily 
measured as bandwidth, where 
every kilobit appears on a 
monthly bill. In most cases, net- 
work latency and quality cannot 
be guaranteed and vary widely 
during the day. A major respon- 
sibility of a network manager's 
job is to monitor these parame- 
ters, but because modern IT 
organizations are vertically seg- 
mented into domain expertise, 
in most cases, developers and 
network managers are com- 
plete strangers when maybe 
they should be best friends. 

The level of awareness of 
the monster is constantly rising, 
and it's driving the creation of 
new tools, including network 
performance emulators, that 
more accurately address appli- 
cation-performance problems. 
These solutions make perfor- 
mance management a part of 
every phase of the application 
development life cycle and 



enable collaboration among all 
IT teams — particularly the 
networking team and the 
development team. The result 
should be applications that are 
optimized for performance 
from the outset — i.e., dealing 
with performance issues before 
they affect end users and 
ensuring optimal utilization of 
the applications, servers and 
networks that make up the IT 
infrastructure. 

It's going to be increasingly 
important to design distributed 
applications that take into 
account the real-world perfor- 
mance of local- and wide-area 
networks, especially when new 
software technologies such as 
Web services will provide the 
monster with a high-protein 
diet. And without thorough 
predeployment performance 
testing, the monster might 
devour the promised ROI and 
render mission-critical business 
applications useless. 

Be careful. The sting of the 
monster's bite lasts a very long 
time. I 

Benny Daon is the CEO and co- 
founder of Shunra Software 
Ltd., which sells network emu- 
lation products. 



ing of flexibility. It used to 
mean open standards. But 
open standards were really a 
way to get at flexibility. Now 
what's happening is that the 
proportion of legacy code sit- 
ting out there is enormous, 
and it continues to claim a 
greater percentage of the total 
amount of code. 

So, more and more, you 
have to define flexibility in 
terms of legacy code, ensuring 
that code is written or encapsu- 
lated so that it is as easy as pos- 
sible to upgrade. 

Flexibility now, in the devel- 
opment tools space, means 
more than just covering the 
standards — it means writing 
code that is easy to upgrade as 
technology changes. 

Enterprises in the past 
were confronted with the 
"make-versus-buy decision," 
meaning that they could either 
develop software or buy a 
package of software. What 
tends to drive that decision is 
how easily the enterprise can 
satisfy its needs with an out- 
side package that must be cus- 
tomized, versus how easy it 
is to develop it inside using the 
enterprise's own resources. 
Over the past two or three 
years, suppliers are increas- 



ingly coming up with in- 
frastructure solutions that pro- 
vide high-level middleware 
that will handle everything 
except the "last mile" of de- 
velopment. These infrastruc- 
ture solutions can cut develop- 
ment time from two to six 
months, while avoiding the 
need to customize a packaged 
application. 

With an infrastructure solu- 
tion, you can speed up in- 
house development. So, what 
a business needs to take into 
account is whether the devel- 
opment solution is scalable, 
flexible, life-cycle-supporting 
and programmer-productive, 
on its own or in combination 
with third-party tools — and 
also whether it can be com- 
bined with APIs and libraries 
specialized for the needs of 
the industry or function to cre- 
ate a infrastructure solution. 

Then, it's probably true that 
you have the best of both 
worlds. I 

Wayne Kernochan is managing 
vice president of Aberdeen 
Group Inc., and author of "Web 
Services Development Solutions 
Buying Guide, Fourth Edition," 
at www.aberdeen.com/ab_ 
company /hottopics/webservices. 



LETTERS TO THE EDITOR 



THE OPEN ROAD 

In regards to your article 
["OpenLoad 3.5 Tester Focuses 
on WebSphere, DB2," April 15, 
page 13, or at www.sdtimes.com 
/news/076/story20.htm], open 
standards solutions are the way 
to go. This sounds like another 
small company that will make 
the smart big boys tremble. 
Charles D. Smith Jr. 

THE RIGHT TOOLS 

Steven J. Vaughan-Nichols' col- 
umn ["Choosing the Right Java 
Tools," April 15, page 33, or at 
www.sdtimes.com/cols/javawatch 
_076.htm] was so true, and not 
just for Java, but for any pro- 
gramming platform. Steven 
makes great points, and the 
hammer-screw analogy is dead- 
on. Good stuff 

Elaina Russo 

Teamstudio Inc. 

PAY FOR PERFORMANCE? 

I see the day in the future where 
server software is licensed based 
on processor performance 
["One Processor or Two," March 
15, page 4, or at www.sdtimes 
.com/news/074/story8.htm]. For 
example, let's say you pay $1,000 
for a 2.0GHz XEON processor's 



speed, but then upgrade to a 
3.0GHz XEON. The software 
vendor will have throttling built 
into the software until a $500 
code is entered to allow the 
application to work at 3.0GHz. 

There are greedy people 
out there. But thankfully, they 
haven't taken this leap, yet — I 
think. 

Travis B. Creighton 

CompuTron 

TRUTH ABOUT COSTS 

The article within your special 
report on Windows Server 2003 
["IDC: Want to Lower Costs? 
Mainframe's the Way to Go," 
March 15, page 29, or at www 
.sdtimes.com/news/074/special2 
.htm] was a good story. It is 
amazing how many people think 
that the low cost of purchasing a 
PC translates into low TCO. 
Thank you for printing the truth. 

Douglas Streifling 

Manager of Info Services 

SierraPine Ltd. 

Letters to SD Times should include the 
writer's name, company affiliation and 
contact information. Letters become the 
property of BZ Media and may be edited. 
Send to feedback@bzmedia.com, or fax 
to +1-516-922-1822. Please mark all cor- 
respondence as Letters to the Editor. 
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BEST ARCHITECTURE PRACTICES 



The defining characteristic of the .NET 
Framework is a unified programming 
model wiping away the barriers between 
programming languages and application 
types. There are no black boxes prevent- 
ing a person with a Visual Basic back- 
ground from using VB.NET to write a 
grid computing application; diere are no 
tool limitations to prevent a C++ pro- 
grammer from dragging and dropping 
200 widgets on a form and pressing "Go!" 
That's one of the best things to happen for 
programmers in a long time — every .NET 
programmer is free (at least at a technical 
level) to explore that niche of the software 
development world that is most reward- 
ing for diem, creatively and financially. 
There is, however, considerable risk asso- 
ciated widr this model. 

While it's nice not to have arbitrary 
barriers between application types, dif- 
ferent types of applications do require 
different approaches. One rarely thinks 
about conversational state between 
objects in a local application; one obsess- 
es over it when designing an enterprise- 
scale system. Besource starvation is not 
on the radar screen of most Web pro- 
grammers, but someone developing for a 
smart phone would be foolish not to 
address it from day one. 

More accurately, these are not issues 
of design, but issues of architecture. 



"Architecture" is one of the most 
overused words in the technical field, 
but when I say "software architecture," I 
mean "the unifying technical principles 
by which a program or system is orga- 
nized." Something more than design, 
but still concrete enough to guide deci- 
sions at the code level. 

Bill Gates is "chief software architect," 
proof enough that Microsoft has 
traditionally taken a higher-level 
view of architecture. I don't know 
what Bill Gates' workday is like, 
but I'm fairly sure it doesn't 
involve riding shotgun on the 
component structures in Office. 

In contrast, you can't spill a 
latte at a Santa Clara Starbucks 
without scalding a "Java archi- 
tect" (of course, the latte was poured by 
someone still carrying his "VP of busi- 
ness development" business cards). 

Microsoft's view is changing though, 
with the realization that .NET gives 
everyone enough rope to hang them- 
selves, and those who do may very well 
mistake domain constraints with faults in 
the .NET implementation. To battle this, 
Microsoft has created two new excellent 
resovirces on http://msdn.microsoft.com: 
/architecture and /practices. 

These sites contain literally thousands 
of pages on best practices and patterns for 
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.NET software architecture. There are 
reference architectures, operational prac- 
tices and "reference building blocks" that 
I think are particularly useful. The writing 
is occasionally too tactical; the operational 
practices in particular often mistake best 
practices for "best practices possible with 
Microsoft's current version of the tool." 
Although documenting current tools is 
important, the value of best practices lies, 
I think, in creating a universal base of 
understanding and communication that 
will extend over years. 

This is not to say that architec- 
tural best practices don't evolve, 
of course, but one of the tilings 
that's most noticeable in the best 
books on software architecture, 
such as Martin Fowler's recent 
"Patterns of Enterprise Applica- 
tion Architecture" (Addison- 
Wesley, 2003) or the classic "Pat- 
tern-Oriented Software Architecture" by 
Buschmann et al. (Wiley & Son, 1996), is 
that they can help one analyze legacy sys- 
tems or applications that can't yet be built. 
So far, Microsoft's patterns and prac- 
tices don't cover all the gaps between 
tactical-design decisions, computer- 
science theory and hard-won experi- 
ence, but it's a very good start. 

While all of Microsoft's patterns and 
practices are available online, a subset is 
available in print. Ironically, it appears to 
be the relatively short-lived operations 
guides that are most available in book 



form. Given that some of the other docu- 
ments are book-length (the reference on 
building secure ASP.NET applications, 
for instance, runs 608 pages), one wishes 
that Microsoft made them available in a 
form amenable to printing. 

With the .NET Framework breaking 
down the artificial fiefdoms between 
application types, attention to software 
architecture is going to become one of the 
critical success factors. Despite Micro- 
soft's traditional focus on education at the 
more tactical level of APIs, the new 
MSDN sections and outreach programs 
show that Bedmond is trying to get ahead 
of this shift. 

Development managers should equal- 
ly recognize and embrace this changing 
emphasis by supporting their best devel- 
opers in educating diemselves in architec- 
tural best practices and applying them. Be 
wary about gratuitous title inflation, 
though, as it can lead to nasty salary 
demands — according to Software Devel- 
opment Magazine's latest salary survey, 
the median "software architect" makes 
US$96,000— $11,000 more than "project 
leader" and a solid $16,000 more than 
those whose title was "software develop- 
er" or "software engineer." I wonder if Bill 
Gates participated in that survey? I 

Larry O'Brien is an independent tech- 
nology consultant and analyst, and the 
founding editor of Software Develop- 
ment Magazine. 
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DUMP MICROSOFT'S JVM 



By my count, there have been 10 patch- 
es for serious security problems in 
Microsoft's JVM since 1999. That's getting 
close to about a patch a quarter. That's 
more than Internet Explorer, which is no 
major model of security itself. Is it just 
me, or is there something fundamentally 
wrong here? 

These aren't little problems. This isn't 
a matter of the fonts not displaying prop- 
erly. According to the documentation 
accompanying the Microsoft patches, 
these flaws have included enabling "an 
attacker to gain control over another 
user's system" (MS02-069) — the most 
serious of which could enable an attacker 
to gain complete control over a user's sys- 
tem (MS02-052) and "run code of an 
attackers choice" (MS02-013). That cer- 
tainly makes me feel warm and fuzzy 
about Microsoft's JVM. 

And then there's the latest, April 10's 
MS03-011, in which it's revealed that the 
Microsoft JVM's ByteCode Verifier could 
not spot malicious Java code from being 
loaded. In practice this meant that some- 
one could create an applet to delete files 
that would mn just by someone opening a 
Web page with the embedded applet. 

It's not like Microsoft's JVM, which 
it refuses to call a JVM lest it use the 
dreaded Java word, is any great shakes to 
begin with. After initially refusing to ship 



one out of corporate pique, when Red- 
mond finally did resume shipping one, 
as Larry O'Brien pointed out in his 
April 1 Windows & .NET Watch column 
("JVM Plug-And-Play," page 37, or at 
www.sdtimes.com/cols/winwatch_075 
.htm), it's an outdated piece of junk that 
supports only Java 1.02 or Java 1.1.4, 
which supports only the Abstract Window 
Toolkit (AWT) and not the Swing 
user-interface toolkit. 

Isn't it time to stop Microsoft 
from getting away with this? No 
one, except possibly a court, can 
force Microsoft to ship an 
updated JVM that would sup- 
port at least Java 1.2 if not 1.4. 
But, even if someone did, do 
you really want your users run- 
ning JVMs that in the past have proven 
to be downright dangerous? 

End users have lower expectations 
than ever from their software. Each and 
every Microsoft JVM security hole has 
had the potential to destroy a customer's 
desktop. Ten times now, Microsoft itself 
has revealed serious security holes in its 
JVM. That's 10 times your customers have 
dodged the bullet of walking in some 
Monday morning and finding every last 
one of their desktop machines missing 
every last file; 10 times that they could 
have come in, started work and not been 
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aware that a backdoor program had been 
installed that was making an additional 
copy of every file you saved to their rival's 
war-hacking server. 

They put up with it because, like a 
lucky drunk driver, they haven't had a 
wreck. . .yet. But, it will happen. It's not a 
matter of if it will happen; it's a matter of 
when it will happen. Don't believe me? 
Remember SQL Slammer? That man- 
aged to kill Microsoft's SQL Servers 
directly and smack other systems with 
denial-of-service attacks. Slam- 
mer used a known security hole 
that had already been patched. If 
someone comes up with a combi- 
nation of a malicious applet that 
uses the ByteCode Verifier hole 
and a popular Web page, I'm sure 
there still will be millions of vul- 
nerable systems for it to attack. 
So what can we do about it? 



Well, unlike Microsoft, which won't fun- 
damentally upgrade its JVM — and based 
on its track record, probably couldn't any- 
way — we can't force-feed updates to cus- 
tomers. What we could do, though, when 
we deliver our applets, is include an 
applet that automatically checks for the 
Microsoft JVM's presence. Then, if we 
find it, without another JVM in place, we 
send the user a message, whether it be on 
the Web or in our CD-bome installation 
routine, reading something like this: 

WARNING! Your machine is using 
an insecure, outdated JVM. Please press 



Enter to install a secure, current JVM, or 
quit to exit installation, and the applica- 
tion will not be installed. 

II they press Enter, you then, of course, 
have your program install the latest and 
greatest Java Plug-In and Java Web Start 
and then put in your application. 

You think that message is harsh? 
Why? Microsoft has done this for ages. 
Remember all those Web pages that 
gave warning messages that they'd only 
run with Internet Explorer? All those 
Web sites written in early versions of 
FrontPage that really wouldn't run prop- 
erly with Netscape? If it's good for the 
goose, it's good for the gander. 

Besides, is there anything factually 
wrong with the announcement? It's cer- 
tainly outdated, and the existence of 10 
major known and acknowledged security 
problems in the past few years certainly 
sounds insecure to me. And no one knows 
how many major holes are in there, or 
worse still, that a few crackers know about 
and haven't found a way to exploit yet. 

No, if we really want to have Java 
applications on the desktop, it's time not 
to merely abandon the universal but 
woefully flawed Microsoft JVM, but to 
start pushing it out of the marketplace 
ourselves. I 

Steven J. Vaughan-Nichols is editor of 
Practical Technology (www.practical- 
tech.com) and has worked as a program- 
mer for NASA and the Dept. of Defense. 
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SCRIPTING EASY PROGRAM INTEGRATION 



Scripting languages traditionally have 
fulfilled one of two missions. 

The first, exemplified by the so- 
called "little languages" such as awk 
and pic, aims to do just one thing, but 
do it very well. This design philosophy 
originated at Bell Labs, where many of 
these tools were developed. Unix — 
another Bell Labs invention — very 
much encouraged this approach of 
stringing together many small, special- 
ized tools. 

Modern scripting languages, howev- 
er, have moved away from this "narrow 
niche" design in favor of a wider scope 
of service, while maintaining their 
original, particular talent. JavaScript 
(now often called ECMA Script or 
JScript), for example, was designed to 
handle logic flow in HTML pages. 
While it continues to be adept at this 
task, it has clearly evolved beyond this 
original purpose. 

The second application for scripting 
languages is the production of proto- 
types and one-off solutions. Languages 
in this category are inherently general- 
purpose. Their syntax is designed to be 
easy to learn, undemanding (most do 
not require that variables' types be 
declared before the variable is used) 
and semicompiled (that is, they com- 
pile to bytecodes). Scripts written in 



these languages can also be put into 
production and, in fact, frequently are. 
Typical languages in this group include 
Tel, Python, Perl and Buby. 

Many of these modern scripting lan- 
guages also share an excellent distin- 
guishing feature: Most of them are 
embeddable. By this, I mean you can 
embed their runtime engine in your 
applications. This option enables 
your customers to write scripts 
to extend or modify your soft- 
ware. Microsoft offered similar 
capability with Visual Basic for 
Applications (VBA), and Troll- 
tech is about to do the same for 
Qt programs with Qt Script for 
Applications (QSA), a Java- 
Script clone. Tel and Python 
are particularly well-known for this 
embeddability. 

But the real benefit I believe enter- 
prises will recognize from scripting is 
the integration of software. These script- 
ing languages are increasingly emerging 
as the glue that enables disparate mod- 
ules to be cobbled together into an 
application. They are to program inte- 
gration what XML is to data integration. 
In particular, Perl and Python do this 
especially well. Let us look at these two 
just a bit more. 
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to its convenient use in Web applica- 
tions. It was one of the most effective 
solutions for dynamic Web pages before 
specialized options like PHP, ASP and 
JSP arrived on the scene. It could call 
programs written in other languages, 
manipulate their output, create input to 
other modules, and do about anything a 
hacker or systems administrator would 
want. In this sense, Perl solved a funda- 
mental problem with the original Unix 
model, which required knowledge of 
many different scripting lan- 
guages. Perl replaced them all 
by being good enough at almost 
all the tasks. It did, however, 
suffer from an arcane syntax 
that still today makes the lan- 
guage difficult to read and hard 
to learn quickly. 

Python was developed from 
the ground up to be an easy-to- 
use, general-purpose scripting language. 
Its wide popularity testifies to its success 
in meeting this goal. The Python com- 
munity developed numerous libraries 
for the language and then embarked on 
giving it truly superior capabilities for 
integration. 

Python code can be used to glue Java 
components together — in fact, Jython 
(formerly JPython) is aversion of Python 
that compiles down to Java bytecodes. 
Python modules also can be accessed 
from C and C++. COM objects and 



Perl gained immense popularity due ActiveX components can be called from 



Python. There's all this, plus embedda- 
bility. And for a graphical front end, 
Python uses the Tk GUI library from Tel 
for its interface — showing again its abili- 
ty to reach across languages. 

This remarkable universality makes 
Python attractive in today's enterprises 
as a simple way of cobbling together 
programs using resources from different 
technology bins — the ultimate in mid- 
dleware for sites that don't want to use 
Web services for this kind of gluing. 

If you're not using Python, you 
should consider downloading it at no 
cost from www.python.org. If you're 
used to C/C++ or Java, you'll find that 
Python is not difficult to learn. If the 
language had manuals, they would 
undoubtedly be the texts from O'Beilly 
& Associates (which has a knack for cov- 
ering emerging languages earlier than 
most publishers). "Learning Python" 
and "Programming Python" are defini- 
tive treatments. "Jython Essentials" is 
the comparable text for Jython. 

The primary commercial develop- 
ment environment for Python is Visual- 
Python from ActiveState (www.activestate 
.com), which plugs into Visual Studio. 
Other commercial versions exist as well. 
Either way, I suspect you'll find Python 
a welcome addition to your software 
integration toolkit. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works LLC. 
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BATTLE ROYAL FOR JOBS 



[Bell. Cue the ring announcer.] 
" I adies and gentlemen, welcome to the 
^■beautiful University Park Hotel on 
the sanguine campus of the Massachu- 
setts Institute of Technology in historic 
Cambridge, Massachusetts. Tonight, its 
the main event — 12 rounds of champi- 
onship coding, brought to you by Top- 
Coder, in conjunction with the king of 
brews, Sun Microsystems. 

"In the Java corner, standing 
6 feet tall and weighing in at 113 
pounds, wearing a Hawaiian 
shirt and paisley shorts, he goes 
by the handle Code Warrior. 
Warrrr-iorrrrr! In the .NET cor- 
ner, standing at 5 feet 4 inches 
and weighing 195 pounds, wear- 
ing the tie-dyed propeller cap, 
here's Bit Player. Play-errrr! 

"So now, ladies and gentlemen... 
LET'S GET READY TO PROGRAM!" 

All right, so it's not Tyson and Lewis. 
Heck, it's not even a "Celebrity Death 
Match" starring Gates and McNealy. 
But to the finalists of the TopCoder Col- 
legiate Challenge, victory can mean as 
much as $50,000, the undying respect of 
programming peers, and a possible fast 
track to employment with one of the 
industry heavyweights. 

It's done online, via weekly matches 
and tournaments. The recent Collegiate 
Challenge, which concluded last 
month and had $100,000 in total 
prize money staked by Sun and 
graphics company Nvidia, began 
with 700 developers from around 
the world, who were narrowed 
down to 12 finalists. They were 
brought to MIT for two more days 
of competition, and when it was 
over, a junior at Duke University, 
David Arthur, was the last man 
standing. Using anonymous han- 
dles such as SnapDragon or 
LunaticFringe, the competitors 
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talk trash and try to psych each other out 
as they vie for cash and permanent 
development positions. 

The event was run by TopCoder, a 
company founded on the idea of automat- 
ing a way for developers to evaluate their 
ability to solve problem statements by 
seeing where they rank against other 
developers. It has grown into an employ- 
ment service for companies looking to fill 
jobs by providing hard data on 
potential candidates. 

TopCoder writes the sample 
problems, which are generated by 
the highest-rated members of the 
service. There cannot be any 
errors or ambiguities because, as 
president and COO Jack Hughes 
related, "we're dealing with hun- 
dreds of extremely bright people 
who can get very angry." The tests are 
written in Java, C++ and C#, Hughes said, 
with Java and C++ each attracting 45 per- 
cent of TopCoder's 5,000 rated members, 
and C# grabbing the other 10 percent. 

The tests also give some insight into 
the mindset of the people taking the 
test; reviewers can see if the candidate 
knows syntax, or understands and prop- 
erly uses Java APIs. 

Companies that seek developers by 
posting jobs on Web sites or in newspa- 
pers are inundated with resumes from 
the recently displaced as well as from 




the ranks of colleges, while only a few of 
the applicants might actually have the 
skill sets and development capabilities 
the companies are looking for, making 
the task of finding the right candidate 
extremely difficult. The same companies 
are starting to use TopCoder to give tests 
to job candidates before making hiring 
decisions, Hughes said. 

"We provide all the competition statis- 
tics, and give all the code samples to a 
recruiting company to objectively look at 
the code of an individual," he said. 

From that vantage point, Hughes has 
seen a shift in the market for program- 
mers. First, he said, offshore develop- 
ment is hitting a wall, as those costs 
begin to climb while costs for U.S. pro- 
grammers decline, and the talent pool 
thins out due to the sheer volume of 
work being sent abroad. Further, com- 
panies realize that managing an offshore 
project can be more difficult than they 
originally thought, as communication 
barriers often hinder requirements gath- 
ering and understanding, adding time 
and cost to these projects. 

While Hughes said salaries of existing 
programmers might not be coming down, 
what's being offered to new hires has. 
"There are no more signing bonuses and 
stock-option packages," Hughes said. 
"Starting salaries for programmers right 
out of school, if they find something, are 
not what they were in '98." 

Hughes said he is surprised by the 
number of jobs that are now available. 
"You know, eBay and Google are still 
among the fastest-growing compa- 
nies in the world." Not only that, but 
older companies are now facing the 
fact that they must update systems 
and adopt new technologies — 
efforts that were put on hold by the 
economic recession. 

The next TopCoder challenge is 
scheduled for November. Perhaps 
a steel-cage match? 



David Arthur is presented with a check by Reggie Hutcherson 
of Sun and Jack Hughes of TopCoder. 



David Rubinstein is executive edi- 
tor of SD Times. 



Total U.S. Spending on Web Services 
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Web services are on a fast track for industry growth, 
according to new research and projections from 
International Data Corp. Its latest numbers, updated 
in February, show that total Web services spending 
for hardware, software and services came to $1.2 
billion in the U.S. IDC is forecasting that will more 
than double this year, to $3.2 billion, and nearly dou- 
ble again in 2004. 

After that, the pace of growth slows — but con- 
tinues at a healthy rate as the industry becomes 
more established. Still, with a projected $15.2 billion 
in spending in 2007, this represents a compound 
annual growth rate of better than 66 percent during 
this period. 
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lona Technologies Inc. reported a loss per share of 
36 cents on revenues of US$17 million, based on gen- 
erally accepted accounting principles, for the quar- 
ter ended March 30. For the same quarter a year ago, 
lona posted revenues of $39.5 million and a loss of 23 
cents per share. The loss continues a downward 
trend for lona, which posted a loss of $28.1 million, or 
88 cents per share, based on revenues of $123.1 mil- 
lion for 2002. The company issued guidance that 
expects second-quarter revenues in the range of $17 
million to $19 million and a net loss per share in the 
range of 59 cents to 72 cents . . . Pervasive Soft- 
ware Inc. reported third-fiscal-quarter revenues of 
US$10 million and net income of $1.8 million, or 10 
cents per share, compared with net income of $1.7 
million, or 9 cents per share, for the same period last 
year. Pervasive expects revenues in the fourth quar- 
ter to be around $10.2 million with net income around 
$2 million . . . Sybase Inc. reported first-quarter 
revenues of US$181.6 million, down from $211 million 
a year ago, and posted pro forma earnings per share 
of 17 cents, compared with 21 cents last year. Pro for- 
ma net income for the quarter was $16.1 million, 
down from $21.1 million in 2002 . . . Apple Comput- 
er Inc. showed a decline in second-quarter profit to 
US$14 million, compared with a net profit of $40 mil- 
lion a year ago. Revenue for the period was $1,475 
billion, down 1 percent from last year, the company 
reported ... Sun Microsystems Inc. reported 
third-guarter revenues of US$2.79 billion, represent- 
ing a decline of more than 10 percent from the $3.1 
billion brought in last year. Meanwhile, net income 
for the quarter was $4 million, or zero cents per 
share, as compared with a net loss of $37 million, or 
1 cent per share, in 2002 ... The board of directors 
of Ascential Software Corp. is proposing a 1-for-4 
reverse stock split, to reduce the number of out- 
standing common shares from roughly 231.5 million 
to about 58 million. I 
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IDUG 2003 May 19-23 

Las Vegas 

INTERNATIONAL DB USERS GROUP 

http://conferences.idug.org 

TechEd June 1-6 

Dallas 

MICROSOFT CORP. 

www.microsoft.com/usa/teched 

Software Management June 2-6 
& Applications of Software 
Measurement 

San Jose 

SOFTWARE QUALITY ENGINEERING 

www.sqe.com/sm 



JavaOne 

San Francisco 

SUN MICROSYSTEMS INC. 

http://java.sun.com/javaone 



June 10-13 



June 9-14 



USENIX Annual 
Technical Conference 

San Antonio 

ADVANCED COMPUTING SYSTEMS ASSOCIATION 

www.usenix.org/events/usenix03 

For a more complete calendar of U.S. software devel- 
opment events, see www.bzmedia.com/calendar. 

Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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The difference between manual coding arid using 
TOAD Is like comparing riding a motorcycle to walking. 
My job demands that I juggle development and testing 
with datable administration, and onl^TOAD lets me 
do it all, Thai's why I start off each day with TOAD. v 

Get to know TOAD — visit www.questxomysdtirnes 
today for a free walkthrough and see why more than 
300,000 Oracle pros use TOAD. 
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